{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"kernel security update", "category":"general", "title":"Synopsis" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"The Linux Kernel, the operating system core itself. Security Fix(es): In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags) ... ieee80211_free_txskb() ieee80211_report_used_skb() ieee80211_report_ack_skb() cfg80211_mgmt_tx_status_ext() nl80211_frame_tx_status() genlmsg_multicast_netns() genlmsg_multicast_netns_filtered() nlmsg_multicast_filtered() netlink_broadcast_filtered() do_one_broadcast() netlink_broadcast_deliver() __netlink_sendskb() netlink_deliver_tap() __netlink_deliver_tap_skb() dev_queue_xmit() __dev_queue_xmit() ; with IRQS disabled ... spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags) issues the warning (as reported by syzbot reproducer): WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120 Fix this by implementing a two-phase skb reclamation in 'ieee80211_do_stop()', where actual work is performed outside of a section with interrupts disabled.(CVE-2024-47713) In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map (like in case of .rodata), it was still possible to write into it from a BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT} as arguments. In check_func_arg() when the argument is as mentioned, the meta->raw_mode is never set. Later, check_helper_mem_access(), under the case of PTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the subsequent call to check_map_access_type() and given the BPF map is read-only it succeeds. The helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT when results are written into them as opposed to read out of them. The latter indicates that it's okay to pass a pointer to uninitialized memory as the memory is written to anyway. However, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM just with additional alignment requirement. So it is better to just get rid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the fixed size memory types. For this, add MEM_ALIGNED to additionally ensure alignment given these helpers write directly into the args via * = val. The .arg*_size has been initialized reflecting the actual sizeof(*). MEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated argument types, since in !MEM_FIXED_SIZE cases the verifier does not know the buffer size a priori and therefore cannot blindly write * = val.(CVE-2024-49861) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointer before try to access it [why & how] Change the order of the pipe_ctx->plane_state check to ensure that plane_state is not null before accessing it.(CVE-2024-49906) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags [WHAT & HOW] 'dcn20_validate_apply_pipe_split_flags'dereferences merge, and thus it cannot be a null pointer. Let's pass a valid pointer to avoid null dereference. This fixes 2 FORWARD_NULL issues reported by Coverity.(CVE-2024-49923) In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix zero-division error when disabling tc cbs The commit b8c43360f6e4 ('net: stmmac: No need to calculate speed divider when offload is disabled') allows the 'port_transmit_rate_kbps' to be set to a value of 0, which is then passed to the 'div_s64' function when tc-cbs is disabled. This leads to a zero-division error. When tc-cbs is disabled, the idleslope, sendslope, and credit values the credit values are not required to be configured. Therefore, adding a return statement after setting the txQ mode to DCB when tc-cbs is disabled would prevent a zero-division error.(CVE-2024-49977) In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer. NULL Pointer Dereference may be triggerred without addtional check. Add a NULL check for the returned pointer.(CVE-2024-50103) In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). Fix this by prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update 'admin' immediately before an attempt to schedule freeing.(CVE-2024-50127) In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a 'memcpy: detected field-spanning write error' warning: [ 13.319813] memcpy: detected field-spanning write (size 16896) of single field 'p->data' at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4) [ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo] [ 13.320038] Call Trace: [ 13.320173] hgsmi_update_pointer_shape [vboxvideo] [ 13.320184] vbox_cursor_atomic_update [vboxvideo] Note as mentioned in the added comment it seems the original length calculation for the allocated and send hgsmi buffer is 4 bytes too large. Changing this is not the goal of this patch, so this behavior is kept.(CVE-2024-50134) In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix encoder->possible_clones Include the encoder itself in its possible_clones bitmask. In the past nothing validated that drivers were populating possible_clones correctly, but that changed in commit 74d2aacbe840 ('drm: Validate encoder->possible_clones'). Looks like radeon never got the memo and is still not following the rules 100% correctly. This results in some warnings during driver initialization: Bogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7) WARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c ... (cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db)(CVE-2024-50201) In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_valid_strict() before get_clock_desc() to fix it, because the 'ts' is not changed after that. [pabeni@redhat.com: fixed commit message typo](CVE-2024-50210) In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The 'dev_dbg(&urb->dev->dev, ...' which happens after usb_free_urb(urb) is a use after free of the 'urb' pointer. Store the 'dev' pointer at the start of the function to avoid this issue.(CVE-2024-50267) In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because expanding the fast device requires reloading the cache table for cache_create to allocate new in-core data structures that fit the new size, and the check in cache_preresume is not performed during the first resume, leading to the issue. Reproduce steps: 1. prepare component devices: dmsetup create cmeta --table '0 8192 linear /dev/sdc 0' dmsetup create cdata --table '0 65536 linear /dev/sdc 8192' dmsetup create corig --table '0 524288 linear /dev/sdc 262144' dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct 2. load a cache table of 512 cache blocks, and deliberately expand the fast device before resuming the cache, making the in-core data structures inadequate. dmsetup create cache --notable dmsetup reload cache --table 0 524288 cache /dev/mapper/cmeta /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\" dmsetup reload cdata --table '0 131072 linear /dev/sdc 8192\" dmsetup resume cdata dmsetup resume cache 3. suspend the cache to write out the in-core dirty bitset and hint array, leading to out-of-bounds access to the dirty bitset at offset 0x40: dmsetup suspend cache KASAN reports: BUG: KASAN: vmalloc-out-of-bounds in is_dirty_callback+0x2b/0x80 Read of size 8 at addr ffffc90000085040 by task dmsetup/90 (...snip...) The buggy address belongs to the virtual mapping at [ffffc90000085000, ffffc90000087000) created by: cache_ctr+0x176a/0x35f0 (...snip...) Memory state around the buggy address: ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc90000085080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000085100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 Fix by checking the size change on the first resume.(CVE-2024-50278) In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that.(CVE-2024-50290) In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dma_release_channel+0x24/0x100 [ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] To avoid this issue, release channel only if the pointer is valid.(CVE-2024-50292) In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline] BUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410 security/keys/permission.c:54 Read of size 4 at addr ffff88813c3ab618 by task stress-ng/4362 CPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15 Call Trace: __dump_stack lib/dump_stack.c:82 [inline] dump_stack+0x107/0x167 lib/dump_stack.c:123 print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400 __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560 kasan_report+0x3a/0x50 mm/kasan/report.c:585 __kuid_val include/linux/uidgid.h:36 [inline] uid_eq include/linux/uidgid.h:63 [inline] key_task_permission+0x394/0x410 security/keys/permission.c:54 search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793 This issue was also reported by syzbot. It can be reproduced by following these steps(more details [1]): 1. Obtain more than 32 inputs that have similar hashes, which ends with the pattern '0xxxxxxxe6'. 2. Reboot and add the keys obtained in step 1. The reproducer demonstrates how this issue happened: 1. In the search_nested_keyrings function, when it iterates through the slots in a node(below tag ascend_to_node), if the slot pointer is meta and node->back_pointer != NULL(it means a root), it will proceed to descend_to_node. However, there is an exception. If node is the root, and one of the slots points to a shortcut, it will be treated as a keyring. 2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function. However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as ASSOC_ARRAY_PTR_SUBTYPE_MASK. 3. When 32 keys with the similar hashes are added to the tree, the ROOT has keys with hashes that are not similar (e.g. slot 0) and it splits NODE A without using a shortcut. When NODE A is filled with keys that all hashes are xxe6, the keys are similar, NODE A will split with a shortcut. Finally, it forms the tree as shown below, where slot 6 points to a shortcut. NODE A +------>+---+ ROOT | | 0 | xxe6 +---+ | +---+ xxxx | 0 | shortcut : : xxe6 +---+ | +---+ xxe6 : : | | | xxe6 +---+ | +---+ | 6 |---+ : : xxe6 +---+ +---+ xxe6 : : | f | xxe6 +---+ +---+ xxe6 | f | +---+ 4. As mentioned above, If a slot(slot 6) of the root points to a shortcut, it may be mistakenly transferred to a key*, leading to a read out-of-bounds read. To fix this issue, one should jump to descend_to_node if the ptr is a shortcut, regardless of whether the node is root or not. [1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/ [jarkko: tweaked the commit message a bit to have an appropriate closes tag.](CVE-2024-50301) In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.(CVE-2024-50302) In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.(CVE-2024-53104) In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory.(CVE-2024-53110) In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? mnt_get_write_access+0x68/0x2b0 ? __pfx_lock_release+0x10/0x10 ? rcu_read_lock_any_held+0xb7/0x160 ? __pfx_rcu_read_lock_any_held+0x10/0x10 ? smack_log+0x123/0x540 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x226/0x2b0 ocfs2_ioctl+0x65e/0x7d0 ? __pfx_ocfs2_ioctl+0x10/0x10 ? smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular inode in 'ocfs2_verify_group_and_input()', corresponding buffer head remains cached and subsequent call to the same 'ioctl()' for the same inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying to cache the same buffer head of that inode). Fix this by uncaching the buffer head with 'ocfs2_remove_from_cache()' on error path in 'ocfs2_group_add()'.(CVE-2024-53112) In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: - r0 is marked as not a subreg at (0); - w1 is marked as subreg at (2); - w1 subreg_def is overridden at (3) by copy_register_state(); - w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; - because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); - this random value is read at (5).(CVE-2024-53125) In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the \"block:block_dirty_buffer\" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the \"uptodate\" state for each of its caller block reading functions. However, if the uptodate flag is set on a folio/page, and the buffer heads are detached from it by try_to_free_buffers(), and new buffer heads are then attached by create_empty_buffers(), the uptodate flag may be restored to each buffer without the block device being set to bh->b_bdev, and mark_buffer_dirty() may be called later in that state, resulting in the bug mentioned above. Fix this issue by making nilfs_grab_buffer() always set the block device of the super block structure to the buffer head, regardless of the state of the buffer's uptodate flag.(CVE-2024-53130)", "category":"general", "title":"Description" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"kernel", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-2536", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" }, { "summary":"CVE-2024-47713", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47713&packageName=kernel" }, { "summary":"CVE-2024-49861", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-49861&packageName=kernel" }, { "summary":"CVE-2024-49906", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-49906&packageName=kernel" }, { "summary":"CVE-2024-49923", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-49923&packageName=kernel" }, { "summary":"CVE-2024-49977", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-49977&packageName=kernel" }, { "summary":"CVE-2024-50103", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50103&packageName=kernel" }, { "summary":"CVE-2024-50127", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50127&packageName=kernel" }, { "summary":"CVE-2024-50134", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50134&packageName=kernel" }, { "summary":"CVE-2024-50201", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50201&packageName=kernel" }, { "summary":"CVE-2024-50210", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50210&packageName=kernel" }, { "summary":"CVE-2024-50267", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50267&packageName=kernel" }, { "summary":"CVE-2024-50278", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50278&packageName=kernel" }, { "summary":"CVE-2024-50290", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50290&packageName=kernel" }, { "summary":"CVE-2024-50292", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50292&packageName=kernel" }, { "summary":"CVE-2024-50301", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50301&packageName=kernel" }, { "summary":"CVE-2024-50302", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50302&packageName=kernel" }, { "summary":"CVE-2024-53104", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53104&packageName=kernel" }, { "summary":"CVE-2024-53110", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53110&packageName=kernel" }, { "summary":"CVE-2024-53112", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53112&packageName=kernel" }, { "summary":"CVE-2024-53125", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53125&packageName=kernel" }, { "summary":"CVE-2024-53130", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53130&packageName=kernel" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47713" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49861" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49906" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49923" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49977" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50103" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50127" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50134" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50201" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50210" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50267" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50278" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50290" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50292" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50301" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50302" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53104" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53110" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53112" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53125" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53130" }, { "summary":"openEuler-SA-2024-2536 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-2536.json" } ], "title":"An update for kernel is now available for openEuler-22.03-LTS-SP1", "tracking":{ "initial_release_date":"2024-12-13T21:17:32+08:00", "revision_history":[ { "date":"2024-12-13T21:17:32+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2024-12-13T21:17:32+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-12-13T21:17:32+08:00", "id":"openEuler-SA-2024-2536", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"openEuler-22.03-LTS-SP1", "name":"openEuler-22.03-LTS-SP1" }, "name":"openEuler-22.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"perf-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"perf-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"perf-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "name":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"perf-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"perf-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"perf-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "name":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"kernel-5.10.0-136.105.0.186.oe2203sp1.src.rpm", "name":"kernel-5.10.0-136.105.0.186.oe2203sp1.src.rpm" }, "name":"kernel-5.10.0-136.105.0.186.oe2203sp1.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"perf-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"perf-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "name":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"perf-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"perf-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "name":"python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"kernel-5.10.0-136.105.0.186.oe2203sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src", "name":"kernel-5.10.0-136.105.0.186.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-47713", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()\n\nSince '__dev_queue_xmit()' should be called with interrupts enabled,\nthe following backtrace:\n\nieee80211_do_stop()\n ...\n spin_lock_irqsave(&local->queue_stop_reason_lock, flags)\n ...\n ieee80211_free_txskb()\n ieee80211_report_used_skb()\n ieee80211_report_ack_skb()\n cfg80211_mgmt_tx_status_ext()\n nl80211_frame_tx_status()\n genlmsg_multicast_netns()\n genlmsg_multicast_netns_filtered()\n nlmsg_multicast_filtered()\n\t netlink_broadcast_filtered()\n\t do_one_broadcast()\n\t netlink_broadcast_deliver()\n\t __netlink_sendskb()\n\t netlink_deliver_tap()\n\t __netlink_deliver_tap_skb()\n\t dev_queue_xmit()\n\t __dev_queue_xmit() ; with IRQS disabled\n ...\n spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags)\n\nissues the warning (as reported by syzbot reproducer):\n\nWARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120\n\nFix this by implementing a two-phase skb reclamation in\n'ieee80211_do_stop()', where actual work is performed\noutside of a section with interrupts disabled.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-47713" }, { "cve":"CVE-2024-49861", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix helper writes to read-only maps\n\nLonial found an issue that despite user- and BPF-side frozen BPF map\n(like in case of .rodata), it was still possible to write into it from\na BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT}\nas arguments.\n\nIn check_func_arg() when the argument is as mentioned, the meta->raw_mode\nis never set. Later, check_helper_mem_access(), under the case of\nPTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the\nsubsequent call to check_map_access_type() and given the BPF map is\nread-only it succeeds.\n\nThe helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT\nwhen results are written into them as opposed to read out of them. The\nlatter indicates that it's okay to pass a pointer to uninitialized memory\nas the memory is written to anyway.\n\nHowever, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM\njust with additional alignment requirement. So it is better to just get\nrid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the\nfixed size memory types. For this, add MEM_ALIGNED to additionally ensure\nalignment given these helpers write directly into the args via * = val.\nThe .arg*_size has been initialized reflecting the actual sizeof(*).\n\nMEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated\nargument types, since in !MEM_FIXED_SIZE cases the verifier does not know\nthe buffer size a priori and therefore cannot blindly write * = val.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-49861" }, { "cve":"CVE-2024-49906", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before try to access it\n\n[why & how]\nChange the order of the pipe_ctx->plane_state check to ensure that\nplane_state is not null before accessing it.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-49906" }, { "cve":"CVE-2024-49923", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags\n\n[WHAT & HOW]\n\"dcn20_validate_apply_pipe_split_flags\" dereferences merge, and thus it\ncannot be a null pointer. Let's pass a valid pointer to avoid null\ndereference.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-49923" }, { "cve":"CVE-2024-49977", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Fix zero-division error when disabling tc cbs\n\nThe commit b8c43360f6e4 (\"net: stmmac: No need to calculate speed divider\nwhen offload is disabled\") allows the \"port_transmit_rate_kbps\" to be\nset to a value of 0, which is then passed to the \"div_s64\" function when\ntc-cbs is disabled. This leads to a zero-division error.\n\nWhen tc-cbs is disabled, the idleslope, sendslope, and credit values the\ncredit values are not required to be configured. Therefore, adding a return\nstatement after setting the txQ mode to DCB when tc-cbs is disabled would\nprevent a zero-division error.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-49977" }, { "cve":"CVE-2024-50103", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()\n\nA devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could\npossibly return NULL pointer. NULL Pointer Dereference may be\ntriggerred without addtional check.\nAdd a NULL check for the returned pointer.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-50103" }, { "cve":"CVE-2024-50127", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn 'taprio_change()', 'admin' pointer may become dangling due to sched\nswitch / removal caused by 'advance_sched()', and critical section\nprotected by 'q->current_entry_lock' is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update\n'admin' immediately before an attempt to schedule freeing.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-50127" }, { "cve":"CVE-2024-50134", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\n\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with\na real VLA to fix a \"memcpy: detected field-spanning write error\" warning:\n\n[ 13.319813] memcpy: detected field-spanning write (size 16896) of single field \"p->data\" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4)\n[ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo]\n[ 13.320038] Call Trace:\n[ 13.320173] hgsmi_update_pointer_shape [vboxvideo]\n[ 13.320184] vbox_cursor_atomic_update [vboxvideo]\n\nNote as mentioned in the added comment it seems the original length\ncalculation for the allocated and send hgsmi buffer is 4 bytes too large.\nChanging this is not the goal of this patch, so this behavior is kept.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-50134" }, { "cve":"CVE-2024-50201", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Fix encoder->possible_clones\n\nInclude the encoder itself in its possible_clones bitmask.\nIn the past nothing validated that drivers were populating\npossible_clones correctly, but that changed in commit\n74d2aacbe840 (\"drm: Validate encoder->possible_clones\").\nLooks like radeon never got the memo and is still not\nfollowing the rules 100% correctly.\n\nThis results in some warnings during driver initialization:\nBogus possible_clones: [ENCODER:46:TV-46] possible_clones=0x4 (full encoder mask=0x7)\nWARNING: CPU: 0 PID: 170 at drivers/gpu/drm/drm_mode_config.c:615 drm_mode_config_validate+0x113/0x39c\n...\n\n(cherry picked from commit 3b6e7d40649c0d75572039aff9d0911864c689db)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-50201" }, { "cve":"CVE-2024-50210", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()\n\nIf get_clock_desc() succeeds, it calls fget() for the clockid's fd,\nand get the clk->rwsem read lock, so the error path should release\nthe lock to make the lock balance and fput the clockid's fd to make\nthe refcount balance and release the fd related resource.\n\nHowever the below commit left the error path locked behind resulting in\nunbalanced locking. Check timespec64_valid_strict() before\nget_clock_desc() to fix it, because the \"ts\" is not changed\nafter that.\n\n[pabeni@redhat.com: fixed commit message typo]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-50210" }, { "cve":"CVE-2024-50267", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: io_edgeport: fix use after free in debug printk\n\nThe \"dev_dbg(&urb->dev->dev, ...\" which happens after usb_free_urb(urb)\nis a use after free of the \"urb\" pointer. Store the \"dev\" pointer at the\nstart of the function to avoid this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-50267" }, { "cve":"CVE-2024-50278", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix potential out-of-bounds access on the first resume\n\nOut-of-bounds access occurs if the fast device is expanded unexpectedly\nbefore the first-time resume of the cache table. This happens because\nexpanding the fast device requires reloading the cache table for\ncache_create to allocate new in-core data structures that fit the new\nsize, and the check in cache_preresume is not performed during the\nfirst resume, leading to the issue.\n\nReproduce steps:\n\n1. prepare component devices:\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\n\n2. load a cache table of 512 cache blocks, and deliberately expand the\n fast device before resuming the cache, making the in-core data\n structures inadequate.\n\ndmsetup create cache --notable\ndmsetup reload cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\ndmsetup reload cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\n3. suspend the cache to write out the in-core dirty bitset and hint\n array, leading to out-of-bounds access to the dirty bitset at offset\n 0x40:\n\ndmsetup suspend cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in is_dirty_callback+0x2b/0x80\n Read of size 8 at addr ffffc90000085040 by task dmsetup/90\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc90000085000, ffffc90000087000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n >ffffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc90000085080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc90000085100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by checking the size change on the first resume.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-50278" }, { "cve":"CVE-2024-50290", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-50290" }, { "cve":"CVE-2024-50292", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove\n\nIn case of error when requesting ctrl_chan DMA channel, ctrl_chan is not\nnull. So the release of the dma channel leads to the following issue:\n[ 4.879000] st,stm32-spdifrx 500d0000.audio-controller:\ndma_request_slave_channel error -19\n[ 4.888975] Unable to handle kernel NULL pointer dereference\nat virtual address 000000000000003d\n[...]\n[ 5.096577] Call trace:\n[ 5.099099] dma_release_channel+0x24/0x100\n[ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx]\n[ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx]\n\nTo avoid this issue, release channel only if the pointer is valid.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-50292" }, { "cve":"CVE-2024-50301", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern '0xxxxxxxe6'.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node->back_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------>+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-50301" }, { "cve":"CVE-2024-50302", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-50302" }, { "cve":"CVE-2024-53104", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-53104" }, { "cve":"CVE-2024-53110", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvp_vdpa: fix id_table array not null terminated error\n\nAllocate one extra virtio_device_id as null terminator, otherwise\nvdpa_mgmtdev_get_classes() may iterate multiple times and visit\nundefined memory.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53110" }, { "cve":"CVE-2024-53112", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: uncache inode which has failed entering the group\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/ocfs2/uptodate.c:509!\n...\nCall Trace:\n \n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? do_error_trap+0x1dc/0x2c0\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? __pfx_do_error_trap+0x10/0x10\n ? handle_invalid_op+0x34/0x40\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? ocfs2_set_new_buffer_uptodate+0x2e/0x160\n ? ocfs2_set_new_buffer_uptodate+0x144/0x160\n ? ocfs2_set_new_buffer_uptodate+0x145/0x160\n ocfs2_group_add+0x39f/0x15a0\n ? __pfx_ocfs2_group_add+0x10/0x10\n ? __pfx_lock_acquire+0x10/0x10\n ? mnt_get_write_access+0x68/0x2b0\n ? __pfx_lock_release+0x10/0x10\n ? rcu_read_lock_any_held+0xb7/0x160\n ? __pfx_rcu_read_lock_any_held+0x10/0x10\n ? smack_log+0x123/0x540\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x68/0x2b0\n ? mnt_get_write_access+0x226/0x2b0\n ocfs2_ioctl+0x65e/0x7d0\n ? __pfx_ocfs2_ioctl+0x10/0x10\n ? smack_file_ioctl+0x29e/0x3a0\n ? __pfx_smack_file_ioctl+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? __pfx_ocfs2_ioctl+0x10/0x10\n __se_sys_ioctl+0xfb/0x170\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \n\nWhen 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular\ninode in 'ocfs2_verify_group_and_input()', corresponding buffer head\nremains cached and subsequent call to the same 'ioctl()' for the same\ninode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying\nto cache the same buffer head of that inode). Fix this by uncaching\nthe buffer head with 'ocfs2_remove_from_cache()' on error path in\n'ocfs2_group_add()'.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53112" }, { "cve":"CVE-2024-53125", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r)\n 4: r1 >>= 32 r11 <<= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 < 0xa goto pc+0\n r1 >>= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53125" }, { "cve":"CVE-2024-53130", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint\n\nWhen using the \"block:block_dirty_buffer\" tracepoint, mark_buffer_dirty()\nmay cause a NULL pointer dereference, or a general protection fault when\nKASAN is enabled.\n\nThis happens because, since the tracepoint was added in\nmark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev\nregardless of whether the buffer head has a pointer to a block_device\nstructure.\n\nIn the current implementation, nilfs_grab_buffer(), which grabs a buffer\nto read (or create) a block of metadata, including b-tree node blocks,\ndoes not set the block device, but instead does so only if the buffer is\nnot in the \"uptodate\" state for each of its caller block reading\nfunctions. However, if the uptodate flag is set on a folio/page, and the\nbuffer heads are detached from it by try_to_free_buffers(), and new buffer\nheads are then attached by create_empty_buffers(), the uptodate flag may\nbe restored to each buffer without the block device being set to\nbh->b_bdev, and mark_buffer_dirty() may be called later in that state,\nresulting in the bug mentioned above.\n\nFix this issue by making nilfs_grab_buffer() always set the block device\nof the super block structure to the buffer head, regardless of the state\nof the buffer's uptodate flag.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2536" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-debugsource-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-headers-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-source-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-tools-devel-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-perf-debuginfo-5.10.0-136.105.0.186.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:kernel-5.10.0-136.105.0.186.oe2203sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53130" } ] }