{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"kernel security update", "category":"general", "title":"Synopsis" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Let probe fail when workqueue cannot be enabled\n\nThe workqueue is enabled when the appropriate driver is loaded and\ndisabled when the driver is removed. When the driver is removed it\nassumes that the workqueue was enabled successfully and proceeds to\nfree allocations made during workqueue enabling.\n\nFailure during workqueue enabling does not prevent the driver from\nbeing loaded. This is because the error path within drv_enable_wq()\nreturns success unless a second failure is encountered\nduring the error path. By returning success it is possible to load\nthe driver even if the workqueue cannot be enabled and\nallocations that do not exist are attempted to be freed during\ndriver remove.\n\nSome examples of problematic flows:\n(a)\n\n idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_unmap_portal() is called on error exit path, but\n drv_enable_wq() returns 0 because idxd_wq_disable() succeeds. The\n driver is thus loaded successfully.\n\n idxd_dmaengine_drv_remove()->drv_disable_wq()->idxd_wq_unmap_portal()\n Above flow on driver unload triggers the WARN in devm_iounmap() because\n the device resource has already been removed during error path of\n drv_enable_wq().\n\n(b)\n\n idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_init_percpu_ref() is never called to initialize the percpu\n counter, yet the driver loads successfully because drv_enable_wq()\n returns 0.\n\n idxd_dmaengine_drv_remove()->__idxd_wq_quiesce()->percpu_ref_kill():\n Above flow on driver unload triggers a BUG when attempting to drop the\n initial ref of the uninitialized percpu ref:\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n\nFix the drv_enable_wq() error path by returning the original error that\nindicates failure of workqueue enabling. This ensures that the probe\nfails when an error is encountered and the driver remove paths are only\nattempted when the workqueue was enabled successfully.(CVE-2022-48868)\n\nIn the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset properly and the caches cleared. Change the logic so that any N>1 TDs found active for different streams are deferred until after the first one is processed, calling xhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to queue another command until we are done with all of them. Also change the error/\"should never happen\" paths to ensure we at least clear any affected TDs, even if we can't issue a command to clear the hardware cache, and complain loudly with an xhci_warn() if this ever happens. This problem case dates back to commit e9df17eb1408 (\"USB: xhci: Correct assumptions about number of rings per endpoint.\") early on in the XHCI driver's life, when stream support was first added. It was then identified but not fixed nor made into a warning in commit 674f8438c121 (\"xhci: split handling halted endpoints into two steps\"), which added a FIXME comment for the problem case (without materially changing the behavior as far as I can tell, though the new logic made the problem more obvious). Then later, in commit 94f339147fc3 (\"xhci: Fix failure to give back some cached cancelled URBs.\"), it was acknowledged again. [Mathias: commit 94f339147fc3 (\"xhci: Fix failure to give back some cached cancelled URBs.\") was a targeted regression fix to the previously mentioned patch. Users reported issues with usb stuck after unmounting/disconnecting UAS devices. This rolled back the TD clearing of multiple streams to its original state.] Apparently the commit author was aware of the problem (yet still chose to submit it): It was still mentioned as a FIXME, an xhci_dbg() was added to log the problem condition, and the remaining issue was mentioned in the commit description. The choice of making the log type xhci_dbg() for what is, at this point, a completely unhandled and known broken condition is puzzling and unfortunate, as it guarantees that no actual users would see the log in production, thereby making it nigh undebuggable (indeed, even if you turn on DEBUG, the message doesn't really hint at there being a problem at all). It took me *months* of random xHC crashes to finally find a reliable repro and be able to do a deep dive debug session, which could all have been avoided had this unhandled, broken condition been actually reported with a warning, as it should have been as a bug intentionally left in unfixed (never mind that it shouldn't have been left in at all). > Another fix to solve clearing the caches of all stream rings with > cancelled TDs is needed, but not as urgent. 3 years after that statement and 14 years after the original bug was introduced, I think it's finally time to fix it. And maybe next time let's not leave bugs unfixed (that are actually worse than the original bug), and let's actually get people to review kernel commits please. Fixes xHC crashes and IOMMU faults with UAS devices when handling errors/faults. Easiest repro is to use `hdparm` to mark an early sector (e.g. 1024) on a disk as bad, then `cat /dev/sdX > /dev/null` in a loop. At least in the case of JMicron controllers, the read errors end up having to cancel two TDs (for two queued requests to different streams) and the one that didn't get cleared properly ends up faulting the xHC entirely when it tries to access DMA pages that have since been unmapped, referred to by the stale TDs. This normally happens quickly (after two or three loops). After this fix, I left the `cat` in a loop running overnight and experienced no xHC failures, with all read errors recovered properly. Repro'd and tested on an Apple M1 Mac Mini (dwc3 host). On systems without an IOMMU, this bug would instead silently corrupt freed memory, making this a ---truncated---(CVE-2024-40927)\n\nIn the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are \"unsigned int\". So, we need to add a sanity check for byte_start and byte_len right before ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater than ocfs2_max_inline_data_with_xattr return -EINVAL.(CVE-2024-50218)\n\nIn the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. These instructions aren't intended to be advertised on Zen4 client so clear the capability.(CVE-2024-53114)\n\nIn the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + \"\\0\" + ALGN(4) + data ... 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= ... 70 c_namesize 8 bytes Length of filename, including final \\0 When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn't be considered a security vulnerability. Append the output of the following bash script to an existing initramfs and observe any created /initramfs_test_fname_overrunAA* path. E.g. ./reproducer.sh | gzip >> /myinitramfs It's easiest to observe non-zero uninitialized memory when the output is gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(), rather than the initrd_start+initrd_size block. ---- reproducer.sh ---- nilchar=\"A\" # change to \"\\0\" to properly zero terminate / pad magic=\"070701\" ino=1 mode=$(( 0100777 )) uid=0 gid=0 nlink=1 mtime=1 filesize=0 devmajor=0 devminor=1 rdevmajor=0 rdevminor=0 csum=0 fname=\"initramfs_test_fname_overrun\" namelen=$(( ${#fname} + 1 )) # plus one to account for terminator printf \"%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s\" \\ $magic $ino $mode $uid $gid $nlink $mtime $filesize \\ $devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) )) printf \"%.s${nilchar}\" $(seq 1 $termpadlen) ---- reproducer.sh ---- Symlink filename fields handled in do_symlink() won't overrun past the data segment, due to the explicit zero-termination of the symlink target. Fix filename buffer overrun by aborting the initramfs FSM if any cpio entry doesn't carry a zero-terminator at the expected (name_len - 1) offset.(CVE-2024-53142)", "category":"general", "title":"Description" }, { "text":"An update for kernel is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"kernel", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-2571", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2571" }, { "summary":"CVE-2022-48868", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48868&packageName=kernel" }, { "summary":"CVE-2024-40927", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40927&packageName=kernel" }, { "summary":"CVE-2024-50218", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50218&packageName=kernel" }, { "summary":"CVE-2024-53114", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53114&packageName=kernel" }, { "summary":"CVE-2024-53142", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53142&packageName=kernel" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48868" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40927" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50218" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53114" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53142" }, { "summary":"openEuler-SA-2024-2571 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-2571.json" } ], "title":"An update for kernel is now available for openEuler-22.03-LTS-SP4", "tracking":{ "initial_release_date":"2024-12-20T21:08:48+08:00", "revision_history":[ { "date":"2024-12-20T21:08:48+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2024-12-20T21:08:48+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-12-20T21:08:48+08:00", "id":"openEuler-SA-2024-2571", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"perf-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"perf-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"perf-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "name":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"perf-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"perf-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"perf-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "name":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm" }, "name":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"kernel-5.10.0-242.0.0.141.oe2203sp4.src.rpm", "name":"kernel-5.10.0-242.0.0.141.oe2203sp4.src.rpm" }, "name":"kernel-5.10.0-242.0.0.141.oe2203sp4.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"perf-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"perf-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "name":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"perf-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"perf-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "name":"python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"kernel-5.10.0-242.0.0.141.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src", "name":"kernel-5.10.0-242.0.0.141.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2022-48868", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Let probe fail when workqueue cannot be enabled\n\nThe workqueue is enabled when the appropriate driver is loaded and\ndisabled when the driver is removed. When the driver is removed it\nassumes that the workqueue was enabled successfully and proceeds to\nfree allocations made during workqueue enabling.\n\nFailure during workqueue enabling does not prevent the driver from\nbeing loaded. This is because the error path within drv_enable_wq()\nreturns success unless a second failure is encountered\nduring the error path. By returning success it is possible to load\nthe driver even if the workqueue cannot be enabled and\nallocations that do not exist are attempted to be freed during\ndriver remove.\n\nSome examples of problematic flows:\n(a)\n\n idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_unmap_portal() is called on error exit path, but\n drv_enable_wq() returns 0 because idxd_wq_disable() succeeds. The\n driver is thus loaded successfully.\n\n idxd_dmaengine_drv_remove()->drv_disable_wq()->idxd_wq_unmap_portal()\n Above flow on driver unload triggers the WARN in devm_iounmap() because\n the device resource has already been removed during error path of\n drv_enable_wq().\n\n(b)\n\n idxd_dmaengine_drv_probe() -> drv_enable_wq() -> idxd_wq_request_irq():\n In above flow, if idxd_wq_request_irq() fails then\n idxd_wq_init_percpu_ref() is never called to initialize the percpu\n counter, yet the driver loads successfully because drv_enable_wq()\n returns 0.\n\n idxd_dmaengine_drv_remove()->__idxd_wq_quiesce()->percpu_ref_kill():\n Above flow on driver unload triggers a BUG when attempting to drop the\n initial ref of the uninitialized percpu ref:\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n\nFix the drv_enable_wq() error path by returning the original error that\nindicates failure of workqueue enabling. This ensures that the probe\nfails when an error is encountered and the driver remove paths are only\nattempted when the workqueue was enabled successfully.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2571" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2022-48868" }, { "cve":"CVE-2024-40927", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Handle TD clearing for multiple streams case\n\nWhen multiple streams are in use, multiple TDs might be in flight when\nan endpoint is stopped. We need to issue a Set TR Dequeue Pointer for\neach, to ensure everything is reset properly and the caches cleared.\nChange the logic so that any N>1 TDs found active for different streams\nare deferred until after the first one is processed, calling\nxhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to\nqueue another command until we are done with all of them. Also change\nthe error/\"should never happen\" paths to ensure we at least clear any\naffected TDs, even if we can't issue a command to clear the hardware\ncache, and complain loudly with an xhci_warn() if this ever happens.\n\nThis problem case dates back to commit e9df17eb1408 (\"USB: xhci: Correct\nassumptions about number of rings per endpoint.\") early on in the XHCI\ndriver's life, when stream support was first added.\nIt was then identified but not fixed nor made into a warning in commit\n674f8438c121 (\"xhci: split handling halted endpoints into two steps\"),\nwhich added a FIXME comment for the problem case (without materially\nchanging the behavior as far as I can tell, though the new logic made\nthe problem more obvious).\n\nThen later, in commit 94f339147fc3 (\"xhci: Fix failure to give back some\ncached cancelled URBs.\"), it was acknowledged again.\n\n[Mathias: commit 94f339147fc3 (\"xhci: Fix failure to give back some cached\ncancelled URBs.\") was a targeted regression fix to the previously mentioned\npatch. Users reported issues with usb stuck after unmounting/disconnecting\nUAS devices. This rolled back the TD clearing of multiple streams to its\noriginal state.]\n\nApparently the commit author was aware of the problem (yet still chose\nto submit it): It was still mentioned as a FIXME, an xhci_dbg() was\nadded to log the problem condition, and the remaining issue was mentioned\nin the commit description. The choice of making the log type xhci_dbg()\nfor what is, at this point, a completely unhandled and known broken\ncondition is puzzling and unfortunate, as it guarantees that no actual\nusers would see the log in production, thereby making it nigh\nundebuggable (indeed, even if you turn on DEBUG, the message doesn't\nreally hint at there being a problem at all).\n\nIt took me *months* of random xHC crashes to finally find a reliable\nrepro and be able to do a deep dive debug session, which could all have\nbeen avoided had this unhandled, broken condition been actually reported\nwith a warning, as it should have been as a bug intentionally left in\nunfixed (never mind that it shouldn't have been left in at all).\n\n> Another fix to solve clearing the caches of all stream rings with\n> cancelled TDs is needed, but not as urgent.\n\n3 years after that statement and 14 years after the original bug was\nintroduced, I think it's finally time to fix it. And maybe next time\nlet's not leave bugs unfixed (that are actually worse than the original\nbug), and let's actually get people to review kernel commits please.\n\nFixes xHC crashes and IOMMU faults with UAS devices when handling\nerrors/faults. Easiest repro is to use `hdparm` to mark an early sector\n(e.g. 1024) on a disk as bad, then `cat /dev/sdX > /dev/null` in a loop.\nAt least in the case of JMicron controllers, the read errors end up\nhaving to cancel two TDs (for two queued requests to different streams)\nand the one that didn't get cleared properly ends up faulting the xHC\nentirely when it tries to access DMA pages that have since been unmapped,\nreferred to by the stale TDs. This normally happens quickly (after two\nor three loops). After this fix, I left the `cat` in a loop running\novernight and experienced no xHC failures, with all read errors\nrecovered properly. Repro'd and tested on an Apple M1 Mac Mini\n(dwc3 host).\n\nOn systems without an IOMMU, this bug would instead silently corrupt\nfreed memory, making this a\n---truncated---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2571" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.6, "vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-40927" }, { "cve":"CVE-2024-50218", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: pass u64 to ocfs2_truncate_inline maybe overflow\n\nSyzbot reported a kernel BUG in ocfs2_truncate_inline. There are two\nreasons for this: first, the parameter value passed is greater than\nocfs2_max_inline_data_with_xattr, second, the start and end parameters of\nocfs2_truncate_inline are \"unsigned int\".\n\nSo, we need to add a sanity check for byte_start and byte_len right before\nocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater\nthan ocfs2_max_inline_data_with_xattr return -EINVAL.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2571" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2024-50218" }, { "cve":"CVE-2024-53114", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client\n\nA number of Zen4 client SoCs advertise the ability to use virtualized\nVMLOAD/VMSAVE, but using these instructions is reported to be a cause\nof a random host reboot.\n\nThese instructions aren't intended to be advertised on Zen4 client\nso clear the capability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2571" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53114" }, { "cve":"CVE-2024-53142", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ninitramfs: avoid filename buffer overrun\n\nThe initramfs filename field is defined in\nDocumentation/driver-api/early-userspace/buffer-format.rst as:\n\n 37 cpio_file := ALGN(4) + cpio_header + filename + \"\\0\" + ALGN(4) + data\n...\n 55 ============= ================== =========================\n 56 Field name Field size Meaning\n 57 ============= ================== =========================\n...\n 70 c_namesize 8 bytes Length of filename, including final \\0\n\nWhen extracting an initramfs cpio archive, the kernel's do_name() path\nhandler assumes a zero-terminated path at @collected, passing it\ndirectly to filp_open() / init_mkdir() / init_mknod().\n\nIf a specially crafted cpio entry carries a non-zero-terminated filename\nand is followed by uninitialized memory, then a file may be created with\ntrailing characters that represent the uninitialized memory. The ability\nto create an initramfs entry would imply already having full control of\nthe system, so the buffer overrun shouldn't be considered a security\nvulnerability.\n\nAppend the output of the following bash script to an existing initramfs\nand observe any created /initramfs_test_fname_overrunAA* path. E.g.\n ./reproducer.sh | gzip >> /myinitramfs\n\nIt's easiest to observe non-zero uninitialized memory when the output is\ngzipped, as it'll overflow the heap allocated @out_buf in __gunzip(),\nrather than the initrd_start+initrd_size block.\n\n---- reproducer.sh ----\nnilchar=\"A\"\t# change to \"\\0\" to properly zero terminate / pad\nmagic=\"070701\"\nino=1\nmode=$(( 0100777 ))\nuid=0\ngid=0\nnlink=1\nmtime=1\nfilesize=0\ndevmajor=0\ndevminor=1\nrdevmajor=0\nrdevminor=0\ncsum=0\nfname=\"initramfs_test_fname_overrun\"\nnamelen=$(( ${#fname} + 1 ))\t# plus one to account for terminator\n\nprintf \"%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s\" \\\n\t$magic $ino $mode $uid $gid $nlink $mtime $filesize \\\n\t$devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname\n\ntermpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) ))\nprintf \"%.s${nilchar}\" $(seq 1 $termpadlen)\n---- reproducer.sh ----\n\nSymlink filename fields handled in do_symlink() won't overrun past the\ndata segment, due to the explicit zero-termination of the symlink\ntarget.\n\nFix filename buffer overrun by aborting the initramfs FSM if any cpio\nentry doesn't carry a zero-terminator at the expected (name_len - 1)\noffset.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2571" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:bpftool-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-source-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-242.0.0.141.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:kernel-5.10.0-242.0.0.141.oe2203sp4.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-53142" } ] }