{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"kernel security update", "category":"general", "title":"Synopsis" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: USB: Fix wrong-direction WARNING in plusb.c\n\nThe syzbot fuzzer detected a bug in the plusb network driver: A\nzero-length control-OUT transfer was treated as a read instead of a\nwrite. In modern kernels this error provokes a WARNING:\n\nusb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0\nWARNING: CPU: 0 PID: 4645 at drivers/usb/core/urb.c:411\nusb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411\nModules linked in:\nCPU: 1 PID: 4645 Comm: dhcpcd Not tainted\n6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n01/12/2023\nRIP: 0010:usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411\n...\nCall Trace:\n \n usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58\n usb_internal_control_msg drivers/usb/core/message.c:102 [inline]\n usb_control_msg+0x320/0x4a0 drivers/usb/core/message.c:153\n __usbnet_read_cmd+0xb9/0x390 drivers/net/usb/usbnet.c:2010\n usbnet_read_cmd+0x96/0xf0 drivers/net/usb/usbnet.c:2068\n pl_vendor_req drivers/net/usb/plusb.c:60 [inline]\n pl_set_QuickLink_features drivers/net/usb/plusb.c:75 [inline]\n pl_reset+0x2f/0xf0 drivers/net/usb/plusb.c:85\n usbnet_open+0xcc/0x5d0 drivers/net/usb/usbnet.c:889\n __dev_open+0x297/0x4d0 net/core/dev.c:1417\n __dev_change_flags+0x587/0x750 net/core/dev.c:8530\n dev_change_flags+0x97/0x170 net/core/dev.c:8602\n devinet_ioctl+0x15a2/0x1d70 net/ipv4/devinet.c:1147\n inet_ioctl+0x33f/0x380 net/ipv4/af_inet.c:979\n sock_do_ioctl+0xcc/0x230 net/socket.c:1169\n sock_ioctl+0x1f8/0x680 net/socket.c:1286\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe fix is to call usbnet_write_cmd() instead of usbnet_read_cmd() and\nremove the USB_DIR_IN flag.(CVE-2023-52742)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer\n\nIn af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9035_i2c_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")(CVE-2023-52915)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: aspeed: Fix memory overwrite if timing is 1600x900\n\nWhen capturing 1600x900, system could crash when system memory usage is\ntight.\n\nThe way to reproduce this issue:\n1. Use 1600x900 to display on host\n2. Mount ISO through 'Virtual media' on OpenBMC's web\n3. Run script as below on host to do sha continuously\n #!/bin/bash\n while [ [1] ];\n do\n\tfind /media -type f -printf '\"%h/%f\"\\n' | xargs sha256sum\n done\n4. Open KVM on OpenBMC's web\n\nThe size of macro block captured is 8x8. Therefore, we should make sure\nthe height of src-buf is 8 aligned to fix this issue.(CVE-2023-52916)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbna: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don't\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user.(CVE-2024-36934)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: don't free NULL coalescing rule\n\nIf the parsing fails, we can dereference a NULL pointer here.(CVE-2024-36941)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.(CVE-2024-43829)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.(CVE-2024-44960)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive.(CVE-2024-44986)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb (\"ipv6: take rcu lock in rawv6_send_hdrinc()\")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n do_writev+0x1b1/0x350 fs/read_write.c:1018\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n \n\nAllocated by task 6530:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:312 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3988 [inline]\n slab_alloc_node mm/slub.c:4037 [inline]\n kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n dst_alloc+0x12b/0x190 net/core/dst.c:89\n ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n ___sys_sendmsg net/socket.c:2651 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2252 [inline]\n slab_free mm/slub.c:4473 [inline]\n kmem_cache_free+0x145/0x350 mm/slub.c:4548\n dst_destroy+0x2ac/0x460 net/core/dst.c:124\n rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---(CVE-2024-44987)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).(CVE-2024-44988)", "category":"general", "title":"Description" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"kernel", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-2153", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" }, { "summary":"CVE-2023-52742", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52742&packageName=kernel" }, { "summary":"CVE-2023-52915", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52915&packageName=kernel" }, { "summary":"CVE-2023-52916", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52916&packageName=kernel" }, { "summary":"CVE-2024-36934", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36934&packageName=kernel" }, { "summary":"CVE-2024-36941", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36941&packageName=kernel" }, { "summary":"CVE-2024-43829", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-43829&packageName=kernel" }, { "summary":"CVE-2024-44960", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-44960&packageName=kernel" }, { "summary":"CVE-2024-44986", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-44986&packageName=kernel" }, { "summary":"CVE-2024-44987", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-44987&packageName=kernel" }, { "summary":"CVE-2024-44988", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-44988&packageName=kernel" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52742" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52915" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52916" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36934" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36941" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43829" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44960" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44986" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44987" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44988" }, { "summary":"openEuler-SA-2024-2153 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-2153.json" } ], "title":"An update for kernel is now available for openEuler-22.03-LTS-SP1", "tracking":{ "initial_release_date":"2024-09-20T19:47:59+08:00", "revision_history":[ { "date":"2024-09-20T19:47:59+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2024-09-20T19:47:59+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-09-20T19:47:59+08:00", "id":"openEuler-SA-2024-2153", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"openEuler-22.03-LTS-SP1", "name":"openEuler-22.03-LTS-SP1" }, "name":"openEuler-22.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"perf-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"perf-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"perf-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "name":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-5.10.0-136.94.0.175.oe2203sp1.src.rpm", "name":"kernel-5.10.0-136.94.0.175.oe2203sp1.src.rpm" }, "name":"kernel-5.10.0-136.94.0.175.oe2203sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"perf-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"perf-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"perf-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "name":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"perf-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"perf-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "name":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-5.10.0-136.94.0.175.oe2203sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "name":"kernel-5.10.0-136.94.0.175.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"perf-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"perf-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "name":"python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2023-52742", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: USB: Fix wrong-direction WARNING in plusb.c\n\nThe syzbot fuzzer detected a bug in the plusb network driver: A\nzero-length control-OUT transfer was treated as a read instead of a\nwrite. In modern kernels this error provokes a WARNING:\n\nusb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType c0\nWARNING: CPU: 0 PID: 4645 at drivers/usb/core/urb.c:411\nusb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411\nModules linked in:\nCPU: 1 PID: 4645 Comm: dhcpcd Not tainted\n6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n01/12/2023\nRIP: 0010:usb_submit_urb+0x14a7/0x1880 drivers/usb/core/urb.c:411\n...\nCall Trace:\n \n usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58\n usb_internal_control_msg drivers/usb/core/message.c:102 [inline]\n usb_control_msg+0x320/0x4a0 drivers/usb/core/message.c:153\n __usbnet_read_cmd+0xb9/0x390 drivers/net/usb/usbnet.c:2010\n usbnet_read_cmd+0x96/0xf0 drivers/net/usb/usbnet.c:2068\n pl_vendor_req drivers/net/usb/plusb.c:60 [inline]\n pl_set_QuickLink_features drivers/net/usb/plusb.c:75 [inline]\n pl_reset+0x2f/0xf0 drivers/net/usb/plusb.c:85\n usbnet_open+0xcc/0x5d0 drivers/net/usb/usbnet.c:889\n __dev_open+0x297/0x4d0 net/core/dev.c:1417\n __dev_change_flags+0x587/0x750 net/core/dev.c:8530\n dev_change_flags+0x97/0x170 net/core/dev.c:8602\n devinet_ioctl+0x15a2/0x1d70 net/ipv4/devinet.c:1147\n inet_ioctl+0x33f/0x380 net/ipv4/af_inet.c:979\n sock_do_ioctl+0xcc/0x230 net/socket.c:1169\n sock_ioctl+0x1f8/0x680 net/socket.c:1286\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe fix is to call usbnet_write_cmd() instead of usbnet_read_cmd() and\nremove the USB_DIR_IN flag.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-52742" }, { "cve":"CVE-2023-52915", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer\n\nIn af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach af9035_i2c_master_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-52915" }, { "cve":"CVE-2023-52916", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: aspeed: Fix memory overwrite if timing is 1600x900\n\nWhen capturing 1600x900, system could crash when system memory usage is\ntight.\n\nThe way to reproduce this issue:\n1. Use 1600x900 to display on host\n2. Mount ISO through 'Virtual media' on OpenBMC's web\n3. Run script as below on host to do sha continuously\n #!/bin/bash\n while [ [1] ];\n do\n\tfind /media -type f -printf '\"%h/%f\"\\n' | xargs sha256sum\n done\n4. Open KVM on OpenBMC's web\n\nThe size of macro block captured is 8x8. Therefore, we should make sure\nthe height of src-buf is 8 aligned to fix this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-52916" }, { "cve":"CVE-2024-36934", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbna: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don't\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-36934" }, { "cve":"CVE-2024-36941", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: don't free NULL coalescing rule\n\nIf the parsing fails, we can dereference a NULL pointer here.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-36941" }, { "cve":"CVE-2024-43829", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/qxl: Add check for drm_cvt_mode\n\nAdd check for the return value of drm_cvt_mode() and return the error if\nit fails in order to avoid NULL pointer dereference.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2024-43829" }, { "cve":"CVE-2024-44960", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2024-44960" }, { "cve":"CVE-2024-44986", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:ipv6: fix possible UAF in ip6_finish_output2()If skb_expand_head() returns NULL, skb has been freedand associated dst/idev could also have been freed.We need to hold rcu_read_lock() to make sure the dst andassociated idev are alive.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-44986" }, { "cve":"CVE-2024-44987", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:ipv6: prevent UAF in ip6_send_skb()syzbot reported an UAF in ip6_send_skb() [1]After ip6_local_out() has returned, we no longer can safelydereference rt, unless we hold rcu_read_lock().A similar issue has been fixed in commita688caa34beb ( ipv6: take rcu lock in rawv6_send_hdrinc() )Another potential issue in ip6_finish_output2() is handled in aseparate patch.[1] BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964Read of size 8 at addr ffff88806dde4858 by task syz.1.380/6530CPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024Call Trace: __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964 rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588 rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 sock_write_iter+0x2dd/0x400 net/socket.c:1160 do_iter_readv_writev+0x60a/0x890 vfs_writev+0x37c/0xbb0 fs/read_write.c:971 do_writev+0x1b1/0x350 fs/read_write.c:1018 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7fRIP: 0033:0x7f936bf79e79Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014RAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004RBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000R13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8 Allocated by task 6530: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3988 [inline] slab_alloc_node mm/slub.c:4037 [inline] kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044 dst_alloc+0x12b/0x190 net/core/dst.c:89 ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670 make_blackhole net/xfrm/xfrm_policy.c:3120 [inline] xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313 ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257 rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597 ___sys_sendmsg net/socket.c:2651 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7fFreed by task 45: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2252 [inline] slab_free mm/slub.c:4473 [inline] kmem_cache_free+0x145/0x350 mm/slub.c:4548 dst_destroy+0x2ac/0x460 net/core/dst.c:124 rcu_do_batch kernel/rcu/tree.c:2569 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree.---truncated---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-44987" }, { "cve":"CVE-2024-44988", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2153" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.src", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.94.0.175.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.94.0.175.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-44988" } ] }