{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"kernel security update", "category":"general", "title":"Synopsis" }, { "text":"An update for kernel is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potencial out-of-bounds when buffer offset is invalid\n\nI found potencial out-of-bounds when buffer offset fields of a few requests\nis invalid. This patch set the minimum value of buffer offset field to\n->Buffer offset to validate buffer length.(CVE-2024-26952)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()\n\nIf ->NameOffset of smb2_create_req is smaller than Buffer offset of\nsmb2_create_req, slab-out-of-bounds read can happen from smb2_open.\nThis patch set the minimum value of the name offset to the buffer offset\nto validate name length of smb2_create_req().(CVE-2024-26954)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: improve shutdown sequence\n\nAlexander Sverdlin presents 2 problems during shutdown with the\nlan9303 driver. One is specific to lan9303 and the other just happens\nto reproduce there.\n\nThe first problem is that lan9303 is unique among DSA drivers in that it\ncalls dev_get_drvdata() at \"arbitrary runtime\" (not probe, not shutdown,\nnot remove):\n\nphy_state_machine()\n-> ...\n -> dsa_user_phy_read()\n -> ds->ops->phy_read()\n -> lan9303_phy_read()\n -> chip->ops->phy_read()\n -> lan9303_mdio_phy_read()\n -> dev_get_drvdata()\n\nBut we never stop the phy_state_machine(), so it may continue to run\nafter dsa_switch_shutdown(). Our common pattern in all DSA drivers is\nto set drvdata to NULL to suppress the remove() method that may come\nafterwards. But in this case it will result in an NPD.\n\nThe second problem is that the way in which we set\ndp->conduit->dsa_ptr = NULL; is concurrent with receive packet\nprocessing. dsa_switch_rcv() checks once whether dev->dsa_ptr is NULL,\nbut afterwards, rather than continuing to use that non-NULL value,\ndev->dsa_ptr is dereferenced again and again without NULL checks:\ndsa_conduit_find_user() and many other places. In between dereferences,\nthere is no locking to ensure that what was valid once continues to be\nvalid.\n\nBoth problems have the common aspect that closing the conduit interface\nsolves them.\n\nIn the first case, dev_close(conduit) triggers the NETDEV_GOING_DOWN\nevent in dsa_user_netdevice_event() which closes user ports as well.\ndsa_port_disable_rt() calls phylink_stop(), which synchronously stops\nthe phylink state machine, and ds->ops->phy_read() will thus no longer\ncall into the driver after this point.\n\nIn the second case, dev_close(conduit) should do this, as per\nDocumentation/networking/driver.rst:\n\n| Quiescence\n| ----------\n|\n| After the ndo_stop routine has been called, the hardware must\n| not receive or transmit any data. All in flight packets must\n| be aborted. If necessary, poll or wait for completion of\n| any reset commands.\n\nSo it should be sufficient to ensure that later, when we zeroize\nconduit->dsa_ptr, there will be no concurrent dsa_switch_rcv() call\non this conduit.\n\nThe addition of the netif_device_detach() function is to ensure that\nioctls, rtnetlinks and ethtool requests on the user ports no longer\npropagate down to the driver - we're no longer prepared to handle them.\n\nThe race condition actually did not exist when commit 0650bf52b31f\n(\"net: dsa: be compatible with masters which unregister on shutdown\")\nfirst introduced dsa_switch_shutdown(). It was created later, when we\nstopped unregistering the user interfaces from a bad spot, and we just\nreplaced that sequence with a racy zeroization of conduit->dsa_ptr\n(one which doesn't ensure that the interfaces aren't up).(CVE-2024-49998)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Vangogh: Fix kernel memory out of bounds write\n\nKASAN reports that the GPU metrics table allocated in\nvangogh_tables_init() is not large enough for the memset done in\nsmu_cmn_init_soft_gpu_metrics(). Condensed report follows:\n\n[ 33.861314] BUG: KASAN: slab-out-of-bounds in smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu]\n[ 33.861799] Write of size 168 at addr ffff888129f59500 by task mangoapp/1067\n...\n[ 33.861808] CPU: 6 UID: 1000 PID: 1067 Comm: mangoapp Tainted: G W 6.12.0-rc4 #356 1a56f59a8b5182eeaf67eb7cb8b13594dd23b544\n[ 33.861816] Tainted: [W]=WARN\n[ 33.861818] Hardware name: Valve Galileo/Galileo, BIOS F7G0107 12/01/2023\n[ 33.861822] Call Trace:\n[ 33.861826] \n[ 33.861829] dump_stack_lvl+0x66/0x90\n[ 33.861838] print_report+0xce/0x620\n[ 33.861853] kasan_report+0xda/0x110\n[ 33.862794] kasan_check_range+0xfd/0x1a0\n[ 33.862799] __asan_memset+0x23/0x40\n[ 33.862803] smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.863306] vangogh_get_gpu_metrics_v2_4+0x123/0xad0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.864257] vangogh_common_get_gpu_metrics+0xb0c/0xbc0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.865682] amdgpu_dpm_get_gpu_metrics+0xcc/0x110 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.866160] amdgpu_get_gpu_metrics+0x154/0x2d0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.867135] dev_attr_show+0x43/0xc0\n[ 33.867147] sysfs_kf_seq_show+0x1f1/0x3b0\n[ 33.867155] seq_read_iter+0x3f8/0x1140\n[ 33.867173] vfs_read+0x76c/0xc50\n[ 33.867198] ksys_read+0xfb/0x1d0\n[ 33.867214] do_syscall_64+0x90/0x160\n...\n[ 33.867353] Allocated by task 378 on cpu 7 at 22.794876s:\n[ 33.867358] kasan_save_stack+0x33/0x50\n[ 33.867364] kasan_save_track+0x17/0x60\n[ 33.867367] __kasan_kmalloc+0x87/0x90\n[ 33.867371] vangogh_init_smc_tables+0x3f9/0x840 [amdgpu]\n[ 33.867835] smu_sw_init+0xa32/0x1850 [amdgpu]\n[ 33.868299] amdgpu_device_init+0x467b/0x8d90 [amdgpu]\n[ 33.868733] amdgpu_driver_load_kms+0x19/0xf0 [amdgpu]\n[ 33.869167] amdgpu_pci_probe+0x2d6/0xcd0 [amdgpu]\n[ 33.869608] local_pci_probe+0xda/0x180\n[ 33.869614] pci_device_probe+0x43f/0x6b0\n\nEmpirically we can confirm that the former allocates 152 bytes for the\ntable, while the latter memsets the 168 large block.\n\nRoot cause appears that when GPU metrics tables for v2_4 parts were added\nit was not considered to enlarge the table to fit.\n\nThe fix in this patch is rather \"brute force\" and perhaps later should be\ndone in a smarter way, by extracting and consolidating the part version to\nsize logic to a common helper, instead of brute forcing the largest\npossible allocation. Nevertheless, for now this works and fixes the out of\nbounds write.\n\nv2:\n * Drop impossible v3_0 case. (Mario)\n\n(cherry picked from commit 0880f58f9609f0200483a49429af0f050d281703)(CVE-2024-50221)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f(CVE-2024-50304)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hdcp: Add encoder check in intel_hdcp_get_capability\n\nSometimes during hotplug scenario or suspend/resume scenario encoder is\nnot always initialized when intel_hdcp_get_capability add\na check to avoid kernel null pointer dereference.(CVE-2024-53051)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnommu: pass NULL argument to vma_iter_prealloc()\n\nWhen deleting a vma entry from a maple tree, it has to pass NULL to\nvma_iter_prealloc() in order to calculate internal state of the tree, but\nit passed a wrong argument. As a result, nommu kernels crashed upon\naccessing a vma iterator, such as acct_collect() reading the size of vma\nentries after do_munmap().\n\nThis commit fixes this issue by passing a right argument to the\npreallocation call.(CVE-2024-53109)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix NULL pointer dereference in alloc_pages_bulk_noprof\n\nWe triggered a NULL pointer dereference for ac.preferred_zoneref->zone in\nalloc_pages_bulk_noprof() when the task is migrated between cpusets.\n\nWhen cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be\n¤t->mems_allowed. when first_zones_zonelist() is called to find\npreferred_zoneref, the ac->nodemask may be modified concurrently if the\ntask is migrated between different cpusets. Assuming we have 2 NUMA Node,\nwhen traversing Node1 in ac->zonelist, the nodemask is 2, and when\ntraversing Node2 in ac->zonelist, the nodemask is 1. As a result, the\nac->preferred_zoneref points to NULL zone.\n\nIn alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a\nallowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading\nto NULL pointer dereference.\n\n__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit\nea57485af8f4 (\"mm, page_alloc: fix check for NULL preferred_zone\") and\ncommit df76cee6bbeb (\"mm, page_alloc: remove redundant checks from alloc\nfastpath\").\n\nTo fix it, check NULL pointer for preferred_zoneref->zone.(CVE-2024-53113)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Fix accept_queue memory leak\n\nAs the final stages of socket destruction may be delayed, it is possible\nthat virtio_transport_recv_listen() will be called after the accept_queue\nhas been flushed, but before the SOCK_DONE flag has been set. As a result,\nsockets enqueued after the flush would remain unremoved, leading to a\nmemory leak.\n\nvsock_release\n __vsock_release\n lock\n virtio_transport_release\n virtio_transport_close\n schedule_delayed_work(close_work)\n sk_shutdown = SHUTDOWN_MASK\n(!) flush accept_queue\n release\n virtio_transport_recv_pkt\n vsock_find_bound_socket\n lock\n if flag(SOCK_DONE) return\n virtio_transport_recv_listen\n child = vsock_create_connected\n (!) vsock_enqueue_accept(child)\n release\nclose_work\n lock\n virtio_transport_do_close\n set_flag(SOCK_DONE)\n virtio_transport_remove_sock\n vsock_remove_sock\n vsock_remove_bound\n release\n\nIntroduce a sk_shutdown check to disallow vsock_enqueue_accept() during\nsocket destruction.\n\nunreferenced object 0xffff888109e3f800 (size 2040):\n comm \"kworker/5:2\", pid 371, jiffies 4294940105\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............\n backtrace (crc 9e5f4e84):\n [] kmem_cache_alloc_noprof+0x2c1/0x360\n [] sk_prot_alloc+0x30/0x120\n [] sk_alloc+0x2c/0x4b0\n [] __vsock_create.constprop.0+0x2a/0x310\n [] virtio_transport_recv_pkt+0x4dc/0x9a0\n [] vsock_loopback_work+0xfd/0x140\n [] process_one_work+0x20c/0x570\n [] worker_thread+0x1bf/0x3a0\n [] kthread+0xdd/0x110\n [] ret_from_fork+0x2d/0x50\n [] ret_from_fork_asm+0x1a/0x30(CVE-2024-53119)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT: Fix null-ptr-deref in add rule err flow\n\nIn error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add()\ncallback returns error, zone_rule->attr is used uninitiated. Fix it to\nuse attr which has the needed pointer value.\n\nKernel log:\n BUG: kernel NULL pointer dereference, address: 0000000000000110\n RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n…\n Call Trace:\n \n ? __die+0x20/0x70\n ? page_fault_oops+0x150/0x3e0\n ? exc_page_fault+0x74/0x140\n ? asm_exc_page_fault+0x22/0x30\n ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core]\n mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core]\n ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n flow_offload_work_handler+0x142/0x320 [nf_flow_table]\n ? finish_task_switch.isra.0+0x15b/0x2b0\n process_one_work+0x16c/0x320\n worker_thread+0x28c/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xb8/0xf0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n (CVE-2024-53120)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: fs, lock FTE when checking if active\n\nThe referenced commits introduced a two-step process for deleting FTEs:\n\n- Lock the FTE, delete it from hardware, set the hardware deletion function\n to NULL and unlock the FTE.\n- Lock the parent flow group, delete the software copy of the FTE, and\n remove it from the xarray.\n\nHowever, this approach encounters a race condition if a rule with the same\nmatch value is added simultaneously. In this scenario, fs_core may set the\nhardware deletion function to NULL prematurely, causing a panic during\nsubsequent rule deletions.\n\nTo prevent this, ensure the active flag of the FTE is checked under a lock,\nwhich will prevent the fs_core layer from attaching a new steering rule to\nan FTE that is in the process of deletion.\n\n[ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func\n[ 438.968205] ------------[ cut here ]------------\n[ 438.968654] refcount_t: decrement hit 0; leaking memory.\n[ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110\n[ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower]\n[ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8\n[ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110\n[ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff <0f> 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90\n[ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286\n[ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000\n[ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0\n[ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0\n[ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0\n[ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0\n[ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000\n[ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0\n[ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 438.986507] Call Trace:\n[ 438.986799] \n[ 438.987070] ? __warn+0x7d/0x110\n[ 438.987426] ? refcount_warn_saturate+0xfb/0x110\n[ 438.987877] ? report_bug+0x17d/0x190\n[ 438.988261] ? prb_read_valid+0x17/0x20\n[ 438.988659] ? handle_bug+0x53/0x90\n[ 438.989054] ? exc_invalid_op+0x14/0x70\n[ 438.989458] ? asm_exc_invalid_op+0x16/0x20\n[ 438.989883] ? refcount_warn_saturate+0xfb/0x110\n[ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core]\n[ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core]\n[ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core]\n[ 438.992054] ? xas_load+0x9/0xb0\n[ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core]\n[ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core]\n[ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core]\n[ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core]\n[ 438.994728] tc_setup_cb_destroy+0xb9/0x190\n[ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower]\n[ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower]\n[ 438.996105] tc_new_tfilter+0x347/0xbc0\n[ 438.996503] ? __\n---truncated---(CVE-2024-53121)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\n\nAdditional active subflows - i.e. created by the in kernel path\nmanager - are included into the subflow list before starting the\n3whs.\n\nA racing recvmsg() spooling data received on an already established\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\ncurrent subflows, potentially hitting a divide by zero error on\nthe newly created ones.\n\nExplicitly check that the subflow is in a suitable state before\ninvoking tcp_cleanup_rbuf().(CVE-2024-53122)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.(CVE-2024-53123)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk->sk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n ? __warn+0x88/0x130\n ? inet_sock_destruct+0x1c5/0x1e0\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? inet_sock_destruct+0x1c5/0x1e0\n __sk_destruct+0x2a/0x200\n rcu_do_batch+0x1aa/0x530\n ? rcu_do_batch+0x13b/0x530\n rcu_core+0x159/0x2f0\n handle_softirqs+0xd3/0x2b0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n run_ksoftirqd+0x25/0x30\n smpboot_thread_fn+0xdd/0x1d0\n kthread+0xd3/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk->sk_state == TCP_LISTEN with sk->sk_lock unlocked,\nwhich triggers a data-race around sk->sk_forward_alloc:\ntcp_v6_rcv\n tcp_v6_do_rcv\n skb_clone_and_charge_r\n sk_rmem_schedule\n __sk_mem_schedule\n sk_forward_alloc_add()\n skb_set_owner_r\n sk_mem_charge\n sk_forward_alloc_add()\n __kfree_skb\n skb_release_all\n skb_release_head_state\n sock_rfree\n sk_mem_uncharge\n sk_forward_alloc_add()\n sk_mem_reclaim\n // set local var reclaimable\n __sk_mem_reclaim\n sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb->truesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1) | (cpu 2) | sk_forward_alloc\n ... | ... | 0\n __sk_mem_schedule() | | +4096 = 4096\n | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge() | | -768 = 7424\n | sk_mem_charge() | -768 = 6656\n ... | ... |\n sk_mem_uncharge() | | +768 = 7424\n reclaimable=7424 | |\n | sk_mem_uncharge() | +768 = 8192\n | reclaimable=8192 |\n __sk_mem_reclaim() | | -4096 = 4096\n | __sk_mem_reclaim() | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk->sk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv().(CVE-2024-53124)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN\n\nHide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support\nfor virtualizing Intel PT via guest/host mode unless BROKEN=y. There are\nmyriad bugs in the implementation, some of which are fatal to the guest,\nand others which put the stability and health of the host at risk.\n\nFor guest fatalities, the most glaring issue is that KVM fails to ensure\ntracing is disabled, and *stays* disabled prior to VM-Enter, which is\nnecessary as hardware disallows loading (the guest's) RTIT_CTL if tracing\nis enabled (enforced via a VMX consistency check). Per the SDM:\n\n If the logical processor is operating with Intel PT enabled (if\n IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the \"load\n IA32_RTIT_CTL\" VM-entry control must be 0.\n\nOn the host side, KVM doesn't validate the guest CPUID configuration\nprovided by userspace, and even worse, uses the guest configuration to\ndecide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring\nguest CPUID to enumerate more address ranges than are supported in hardware\nwill result in KVM trying to passthrough, save, and load non-existent MSRs,\nwhich generates a variety of WARNs, ToPA ERRORs in the host, a potential\ndeadlock, etc.(CVE-2024-53135)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: kTLS, Fix incorrect page refcounting\n\nThe kTLS tx handling code is using a mix of get_page() and\npage_ref_inc() APIs to increment the page reference. But on the release\npath (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.\n\nThis is an issue when using pages from large folios: the get_page()\nreferences are stored on the folio page while the page_ref_inc()\nreferences are stored directly in the given page. On release the folio\npage will be dereferenced too many times.\n\nThis was found while doing kTLS testing with sendfile() + ZC when the\nserved file was read from NFS on a kernel with NFS large folios support\n(commit 49b29a573da8 (\"nfs: add support for large folios\")).(CVE-2024-53138)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix possible UAF in sctp_v6_available()\n\nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints\nthat sctp_v6_available() is calling dev_get_by_index_rcu()\nand ipv6_chk_addr() without holding rcu.\n\n[1]\n =============================\n WARNING: suspicious RCU usage\n 6.12.0-rc5-virtme #1216 Tainted: G W\n -----------------------------\n net/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by sctp_hello/31495:\n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp\n\nstack backtrace:\n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216\n Tainted: [W]=WARN\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \n dump_stack_lvl (lib/dump_stack.c:123)\n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)\n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))\n sctp_v6_available (net/sctp/ipv6.c:701) sctp\n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp\n sctp_bind (net/sctp/socket.c:320) sctp\n inet6_bind_sk (net/ipv6/af_inet6.c:465)\n ? security_socket_bind (security/security.c:4581 (discriminator 1))\n __sys_bind (net/socket.c:1848 net/socket.c:1869)\n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)\n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))\n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))\n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n RIP: 0033:0x7f59b934a1e7\n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48\nAll code\n========\n 0:\t44 00 00 \tadd %r8b,(%rax)\n 3:\t48 8b 15 39 8c 0c 00 \tmov 0xc8c39(%rip),%rdx # 0xc8c43\n a:\tf7 d8 \tneg %eax\n c:\t64 89 02 \tmov %eax,%fs:(%rdx)\n f:\tb8 ff ff ff ff \tmov $0xffffffff,%eax\n 14:\teb bd \tjmp 0xffffffffffffffd3\n 16:\t66 2e 0f 1f 84 00 00 \tcs nopw 0x0(%rax,%rax,1)\n 1d:\t00 00 00\n 20:\t0f 1f 00 \tnopl (%rax)\n 23:\tb8 31 00 00 00 \tmov $0x31,%eax\n 28:\t0f 05 \tsyscall\n 2a:*\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\t\t<-- trapping instruction\n 30:\t73 01 \tjae 0x33\n 32:\tc3 \tret\n 33:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c43\n 3a:\tf7 d8 \tneg %eax\n 3c:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 3f:\t48 \trex.W\n\nCode starting with the faulting instruction\n===========================================\n 0:\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\n 6:\t73 01 \tjae 0x9\n 8:\tc3 \tret\n 9:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c19\n 10:\tf7 d8 \tneg %eax\n 12:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 15:\t48 \trex.W\n RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031\n RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7\n RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000\n R10: 00007f59b9253298 R11: 000000000000\n---truncated---(CVE-2024-53139)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon't actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we're back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn't have to take a reference of its own.(CVE-2024-53140)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\num: Fix potential integer overflow during physmem setup\n\nThis issue happens when the real map size is greater than LONG_MAX,\nwhich can be easily triggered on UML/i386.(CVE-2024-53145)\n\nIn the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipeThis commit addresses a null pointer dereference issue indcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ( drm/amd/display:Add null check for pipe_ctx->plane_state in dcn20_program_pipe )partially fixed the null pointer dereference issue. However, indcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, andplane_state is accessed again through pipe_ctx. Multiple if statementsdirectly call attributes of plane_state, leading to potential nullpointer dereference issues. This patch adds necessary null checks toensure stability.(CVE-2024-53201)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible deadlocks\n\nThis fixes possible deadlocks like the following caused by\nhci_cmd_sync_dequeue causing the destroy function to run:\n\n INFO: task kworker/u19:0:143 blocked for more than 120 seconds.\n Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1\n \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000\n Workqueue: hci0 hci_cmd_sync_work [bluetooth]\n Call Trace:\n \n __schedule+0x374/0xaf0\n schedule+0x3c/0xf0\n schedule_preempt_disabled+0x1c/0x30\n __mutex_lock.constprop.0+0x3ef/0x7a0\n __mutex_lock_slowpath+0x13/0x20\n mutex_lock+0x3c/0x50\n mgmt_set_connectable_complete+0xa4/0x150 [bluetooth]\n ? kfree+0x211/0x2a0\n hci_cmd_sync_dequeue+0xae/0x130 [bluetooth]\n ? __pfx_cmd_complete_rsp+0x10/0x10 [bluetooth]\n cmd_complete_rsp+0x26/0x80 [bluetooth]\n mgmt_pending_foreach+0x4d/0x70 [bluetooth]\n __mgmt_power_off+0x8d/0x180 [bluetooth]\n ? _raw_spin_unlock_irq+0x23/0x40\n hci_dev_close_sync+0x445/0x5b0 [bluetooth]\n hci_set_powered_sync+0x149/0x250 [bluetooth]\n set_powered_sync+0x24/0x60 [bluetooth]\n hci_cmd_sync_work+0x90/0x150 [bluetooth]\n process_one_work+0x13e/0x300\n worker_thread+0x2f7/0x420\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x107/0x140\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x3d/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n (CVE-2024-53207)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix receive ring space parameters when XDP is active\n\nThe MTU setting at the time an XDP multi-buffer is attached\ndetermines whether the aggregation ring will be used and the\nrx_skb_func handler. This is done in bnxt_set_rx_skb_mode().\n\nIf the MTU is later changed, the aggregation ring setting may need\nto be changed and it may become out-of-sync with the settings\ninitially done in bnxt_set_rx_skb_mode(). This may result in\nrandom memory corruption and crashes as the HW may DMA data larger\nthan the allocated buffer size, such as:\n\nBUG: kernel NULL pointer dereference, address: 00000000000003c0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 17 PID: 0 Comm: swapper/17 Kdump: loaded Tainted: G S OE 6.1.0-226bf9805506 #1\nHardware name: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 08/26/2021\nRIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en]\nCode: 8b 95 70 ff ff ff 4c 8b 9d 48 ff ff ff 66 41 89 87 b4 00 00 00 e9 0b f7 ff ff 0f b7 43 0a 49 8b 95 a8 04 00 00 25 ff 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f\nRSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202\nRAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 00000000000007ff\nRDX: 0000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380\nRBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf\nR10: 0000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980\nR13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990\nFS: 0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n __bnxt_poll_work+0x1c2/0x3e0 [bnxt_en]\n\nTo address the issue, we now call bnxt_set_rx_skb_mode() within\nbnxt_change_mtu() to properly set the AGG rings configuration and\nupdate rx_skb_func based on the new MTU value.\nAdditionally, BNXT_FLAG_NO_AGG_RINGS is cleared at the beginning of\nbnxt_set_rx_skb_mode() to make sure it gets set or cleared based on\nthe current MTU.(CVE-2024-53209)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nclk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs\n\nBase clocks are the first in being probed and are real dependencies of the\nrest of fixed, factor and peripheral clocks. For old ralink SoCs RT2880,\nRT305x and RT3883 'xtal' must be defined first since in any other case,\nwhen fixed clocks are probed they are delayed until 'xtal' is probed so the\nfollowing warning appears:\n\n WARNING: CPU: 0 PID: 0 at drivers/clk/ralink/clk-mtmips.c:499 rt3883_bus_recalc_rate+0x98/0x138\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.43 #0\n Stack : 805e58d0 00000000 00000004 8004f950 00000000 00000004 00000000 00000000\n 80669c54 80830000 80700000 805ae570 80670068 00000001 80669bf8 00000000\n 00000000 00000000 805ae570 80669b38 00000020 804db7dc 00000000 00000000\n 203a6d6d 80669b78 80669e48 70617773 00000000 805ae570 00000000 00000009\n 00000000 00000001 00000004 00000001 00000000 00000000 83fe43b0 00000000\n ...\n Call Trace:\n [<800065d0>] show_stack+0x64/0xf4\n [<804bca14>] dump_stack_lvl+0x38/0x60\n [<800218ac>] __warn+0x94/0xe4\n [<8002195c>] warn_slowpath_fmt+0x60/0x94\n [<80259ff8>] rt3883_bus_recalc_rate+0x98/0x138\n [<80254530>] __clk_register+0x568/0x688\n [<80254838>] of_clk_hw_register+0x18/0x2c\n [<8070b910>] rt2880_clk_of_clk_init_driver+0x18c/0x594\n [<8070b628>] of_clk_init+0x1c0/0x23c\n [<806fc448>] plat_time_init+0x58/0x18c\n [<806fdaf0>] time_init+0x10/0x6c\n [<806f9bc4>] start_kernel+0x458/0x67c\n\n ---[ end trace 0000000000000000 ]---\n\nWhen this driver was mainlined we could not find any active users of old\nralink SoCs so we cannot perform any real tests for them. Now, one user\nof a Belkin f9k1109 version 1 device which uses RT3883 SoC appeared and\nreported some issues in openWRT:\n- https://github.com/openwrt/openwrt/issues/16054\n\nThus, define a 'rt2880_xtal_recalc_rate()' just returning the expected\nfrequency 40Mhz and use it along the old ralink SoCs to have a correct\nboot trace with no warnings and a working clock plan from the beggining.(CVE-2024-53223)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix use-after-free in device_for_each_child()\n\nSyzbot has reported the following KASAN splat:\n\nBUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0\nRead of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980\n\nCPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x100/0x190\n ? device_for_each_child+0x18f/0x1a0\n print_report+0x13a/0x4cb\n ? __virt_addr_valid+0x5e/0x590\n ? __phys_addr+0xc6/0x150\n ? device_for_each_child+0x18f/0x1a0\n kasan_report+0xda/0x110\n ? device_for_each_child+0x18f/0x1a0\n ? __pfx_dev_memalloc_noio+0x10/0x10\n device_for_each_child+0x18f/0x1a0\n ? __pfx_device_for_each_child+0x10/0x10\n pm_runtime_set_memalloc_noio+0xf2/0x180\n netdev_unregister_kobject+0x1ed/0x270\n unregister_netdevice_many_notify+0x123c/0x1d80\n ? __mutex_trylock_common+0xde/0x250\n ? __pfx_unregister_netdevice_many_notify+0x10/0x10\n ? trace_contention_end+0xe6/0x140\n ? __mutex_lock+0x4e7/0x8f0\n ? __pfx_lock_acquire.part.0+0x10/0x10\n ? rcu_is_watching+0x12/0xc0\n ? unregister_netdev+0x12/0x30\n unregister_netdevice_queue+0x30d/0x3f0\n ? __pfx_unregister_netdevice_queue+0x10/0x10\n ? __pfx_down_write+0x10/0x10\n unregister_netdev+0x1c/0x30\n bnep_session+0x1fb3/0x2ab0\n ? __pfx_bnep_session+0x10/0x10\n ? __pfx_lock_release+0x10/0x10\n ? __pfx_woken_wake_function+0x10/0x10\n ? __kthread_parkme+0x132/0x200\n ? __pfx_bnep_session+0x10/0x10\n ? kthread+0x13a/0x370\n ? __pfx_bnep_session+0x10/0x10\n kthread+0x2b7/0x370\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x48/0x80\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 4974:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n __kmalloc_noprof+0x1d1/0x440\n hci_alloc_dev_priv+0x1d/0x2820\n __vhci_create_device+0xef/0x7d0\n vhci_write+0x2c7/0x480\n vfs_write+0x6a0/0xfc0\n ksys_write+0x12f/0x260\n do_syscall_64+0xc7/0x250\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 4979:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x4f/0x70\n kfree+0x141/0x490\n hci_release_dev+0x4d9/0x600\n bt_host_release+0x6a/0xb0\n device_release+0xa4/0x240\n kobject_put+0x1ec/0x5a0\n put_device+0x1f/0x30\n vhci_release+0x81/0xf0\n __fput+0x3f6/0xb30\n task_work_run+0x151/0x250\n do_exit+0xa79/0x2c30\n do_group_exit+0xd5/0x2a0\n get_signal+0x1fcd/0x2210\n arch_do_signal_or_restart+0x93/0x780\n syscall_exit_to_user_mode+0x140/0x290\n do_syscall_64+0xd4/0x250\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nIn 'hci_conn_del_sysfs()', 'device_unregister()' may be called when\nan underlying (kobject) reference counter is greater than 1. This\nmeans that reparenting (happened when the device is actually freed)\nis delayed and, during that delay, parent controller device (hciX)\nmay be deleted. Since the latter may create a dangling pointer to\nfreed parent, avoid that scenario by reparenting to NULL explicitly.(CVE-2024-53237)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal()\n\nMove pm_runtime_set_active() to ivpu_pm_init() so when\nivpu_ipc_send_receive_internal() is executed before ivpu_pm_enable()\nit already has correct runtime state, even if last resume was\nnot successful..(CVE-2024-54193)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer\n\nThe AD7923 was updated to support devices with 8 channels, but the size\nof tx_buf and ring_xfer was not increased accordingly, leading to a\npotential buffer overflow in ad7923_update_scan_mode().(CVE-2024-56557)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nad7780: fix division by zero in ad7780_write_raw()\n\nIn the ad7780_write_raw() , val2 can be zero, which might lead to a\ndivision by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw()\nis based on iio_info's write_raw. While val is explicitly declared that\ncan be zero (in read mode), val2 is not specified to be non-zero.(CVE-2024-56567)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix not checking skb length on hci_acldata_packet\n\nThis fixes not checking if skb really contains an ACL header otherwise\nthe code may attempt to access some uninitilized/invalid memory past the\nvalid skb->data.(CVE-2024-56590)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix OOB map writes when deleting elements\n\nJordy says:\n\n\"\nIn the xsk_map_delete_elem function an unsigned integer\n(map->max_entries) is compared with a user-controlled signed integer\n(k). Due to implicit type conversion, a large unsigned value for\nmap->max_entries can bypass the intended bounds check:\n\n\tif (k >= map->max_entries)\n\t\treturn -EINVAL;\n\nThis allows k to hold a negative value (between -2147483648 and -2),\nwhich is then used as an array index in m->xsk_map[k], which results\nin an out-of-bounds access.\n\n\tspin_lock_bh(&m->lock);\n\tmap_entry = &m->xsk_map[k]; // Out-of-bounds map_entry\n\told_xs = unrcu_pointer(xchg(map_entry, NULL)); // Oob write\n\tif (old_xs)\n\t\txsk_map_sock_delete(old_xs, map_entry);\n\tspin_unlock_bh(&m->lock);\n\nThe xchg operation can then be used to cause an out-of-bounds write.\nMoreover, the invalid map_entry passed to xsk_map_sock_delete can lead\nto further memory corruption.\n\"\n\nIt indeed results in following splat:\n\n[76612.897343] BUG: unable to handle page fault for address: ffffc8fc2e461108\n[76612.904330] #PF: supervisor write access in kernel mode\n[76612.909639] #PF: error_code(0x0002) - not-present page\n[76612.914855] PGD 0 P4D 0\n[76612.917431] Oops: Oops: 0002 [#1] PREEMPT SMP\n[76612.921859] CPU: 11 UID: 0 PID: 10318 Comm: a.out Not tainted 6.12.0-rc1+ #470\n[76612.929189] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[76612.939781] RIP: 0010:xsk_map_delete_elem+0x2d/0x60\n[76612.944738] Code: 00 00 41 54 55 53 48 63 2e 3b 6f 24 73 38 4c 8d a7 f8 00 00 00 48 89 fb 4c 89 e7 e8 2d bf 05 00 48 8d b4 eb 00 01 00 00 31 ff <48> 87 3e 48 85 ff 74 05 e8 16 ff ff ff 4c 89 e7 e8 3e bc 05 00 31\n[76612.963774] RSP: 0018:ffffc9002e407df8 EFLAGS: 00010246\n[76612.969079] RAX: 0000000000000000 RBX: ffffc9002e461000 RCX: 0000000000000000\n[76612.976323] RDX: 0000000000000001 RSI: ffffc8fc2e461108 RDI: 0000000000000000\n[76612.983569] RBP: ffffffff80000001 R08: 0000000000000000 R09: 0000000000000007\n[76612.990812] R10: ffffc9002e407e18 R11: ffff888108a38858 R12: ffffc9002e4610f8\n[76612.998060] R13: ffff888108a38858 R14: 00007ffd1ae0ac78 R15: ffffc9002e4610c0\n[76613.005303] FS: 00007f80b6f59740(0000) GS:ffff8897e0ec0000(0000) knlGS:0000000000000000\n[76613.013517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[76613.019349] CR2: ffffc8fc2e461108 CR3: 000000011e3ef001 CR4: 00000000007726f0\n[76613.026595] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[76613.033841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[76613.041086] PKRU: 55555554\n[76613.043842] Call Trace:\n[76613.046331] \n[76613.048468] ? __die+0x20/0x60\n[76613.051581] ? page_fault_oops+0x15a/0x450\n[76613.055747] ? search_extable+0x22/0x30\n[76613.059649] ? search_bpf_extables+0x5f/0x80\n[76613.063988] ? exc_page_fault+0xa9/0x140\n[76613.067975] ? asm_exc_page_fault+0x22/0x30\n[76613.072229] ? xsk_map_delete_elem+0x2d/0x60\n[76613.076573] ? xsk_map_delete_elem+0x23/0x60\n[76613.080914] __sys_bpf+0x19b7/0x23c0\n[76613.084555] __x64_sys_bpf+0x1a/0x20\n[76613.088194] do_syscall_64+0x37/0xb0\n[76613.091832] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[76613.096962] RIP: 0033:0x7f80b6d1e88d\n[76613.100592] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48\n[76613.119631] RSP: 002b:00007ffd1ae0ac68 EFLAGS: 00000206 ORIG_RAX: 0000000000000141\n[76613.131330] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80b6d1e88d\n[76613.142632] RDX: 0000000000000098 RSI: 00007ffd1ae0ad20 RDI: 0000000000000003\n[76613.153967] RBP: 00007ffd1ae0adc0 R08: 0000000000000000 R09: 0000000000000000\n[76613.166030] R10: 00007f80b6f77040 R11: 0000000000000206 R12: 00007ffd1ae0aed8\n[76613.177130] R13: 000055ddf42ce1e9 R14: 000055ddf42d0d98 R15: 00\n---truncated---(CVE-2024-56614)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix use after free on unload\n\nSystem crash is observed with stack trace warning of use after\nfree. There are 2 signals to tell dpc_thread to terminate (UNLOADING\nflag and kthread_stop).\n\nOn setting the UNLOADING flag when dpc_thread happens to run at the time\nand sees the flag, this causes dpc_thread to exit and clean up\nitself. When kthread_stop is called for final cleanup, this causes use\nafter free.\n\nRemove UNLOADING signal to terminate dpc_thread. Use the kthread_stop\nas the main signal to exit dpc_thread.\n\n[596663.812935] kernel BUG at mm/slub.c:294!\n[596663.812950] invalid opcode: 0000 [#1] SMP PTI\n[596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1\n[596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012\n[596663.812974] RIP: 0010:__slab_free+0x17d/0x360\n\n...\n[596663.813008] Call Trace:\n[596663.813022] ? __dentry_kill+0x121/0x170\n[596663.813030] ? _cond_resched+0x15/0x30\n[596663.813034] ? _cond_resched+0x15/0x30\n[596663.813039] ? wait_for_completion+0x35/0x190\n[596663.813048] ? try_to_wake_up+0x63/0x540\n[596663.813055] free_task+0x5a/0x60\n[596663.813061] kthread_stop+0xf3/0x100\n[596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx](CVE-2024-56623)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.(CVE-2024-56640)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: initialize close_work early to avoid warning\n\nWe encountered a warning that close_work was canceled before\ninitialization.\n\n WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n Workqueue: events smc_lgr_terminate_work [smc]\n RIP: 0010:__flush_work+0x19e/0x1b0\n Call Trace:\n ? __wake_up_common+0x7a/0x190\n ? work_busy+0x80/0x80\n __cancel_work_timer+0xe3/0x160\n smc_close_cancel_work+0x1a/0x70 [smc]\n smc_close_active_abort+0x207/0x360 [smc]\n __smc_lgr_terminate.part.38+0xc8/0x180 [smc]\n process_one_work+0x19e/0x340\n worker_thread+0x30/0x370\n ? process_one_work+0x340/0x340\n kthread+0x117/0x130\n ? __kthread_cancel_work+0x50/0x50\n ret_from_fork+0x22/0x30\n\nThis is because when smc_close_cancel_work is triggered, e.g. the RDMA\ndriver is rmmod and the LGR is terminated, the conn->close_work is\nflushed before initialization, resulting in WARN_ON(!work->func).\n\n__smc_lgr_terminate | smc_connect_{rdma|ism}\n-------------------------------------------------------------\n | smc_conn_create\n\t\t\t\t| \\- smc_lgr_register_conn\nfor conn in lgr->conns_all |\n\\- smc_conn_kill |\n \\- smc_close_active_abort |\n \\- smc_close_cancel_work |\n \\- cancel_work_sync |\n \\- __flush_work |\n\t (close_work) |\n\t | smc_close_init\n\t | \\- INIT_WORK(&close_work)\n\nSo fix this by initializing close_work before establishing the\nconnection.(CVE-2024-56641)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btmtk: avoid UAF in btmtk_process_coredump\n\nhci_devcd_append may lead to the release of the skb, so it cannot be\naccessed once it is called.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in btmtk_process_coredump+0x2a7/0x2d0 [btmtk]\nRead of size 4 at addr ffff888033cfabb0 by task kworker/0:3/82\n\nCPU: 0 PID: 82 Comm: kworker/0:3 Tainted: G U 6.6.40-lockdep-03464-g1d8b4eb3060e #1 b0b3c1cc0c842735643fb411799d97921d1f688c\nHardware name: Google Yaviks_Ufs/Yaviks_Ufs, BIOS Google_Yaviks_Ufs.15217.552.0 05/07/2024\nWorkqueue: events btusb_rx_work [btusb]\nCall Trace:\n \n dump_stack_lvl+0xfd/0x150\n print_report+0x131/0x780\n kasan_report+0x177/0x1c0\n btmtk_process_coredump+0x2a7/0x2d0 [btmtk 03edd567dd71a65958807c95a65db31d433e1d01]\n btusb_recv_acl_mtk+0x11c/0x1a0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec]\n btusb_rx_work+0x9e/0xe0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec]\n worker_thread+0xe44/0x2cc0\n kthread+0x2ff/0x3a0\n ret_from_fork+0x51/0x80\n ret_from_fork_asm+0x1b/0x30\n \n\nAllocated by task 82:\n stack_trace_save+0xdc/0x190\n kasan_set_track+0x4e/0x80\n __kasan_slab_alloc+0x4e/0x60\n kmem_cache_alloc+0x19f/0x360\n skb_clone+0x132/0xf70\n btusb_recv_acl_mtk+0x104/0x1a0 [btusb]\n btusb_rx_work+0x9e/0xe0 [btusb]\n worker_thread+0xe44/0x2cc0\n kthread+0x2ff/0x3a0\n ret_from_fork+0x51/0x80\n ret_from_fork_asm+0x1b/0x30\n\nFreed by task 1733:\n stack_trace_save+0xdc/0x190\n kasan_set_track+0x4e/0x80\n kasan_save_free_info+0x28/0xb0\n ____kasan_slab_free+0xfd/0x170\n kmem_cache_free+0x183/0x3f0\n hci_devcd_rx+0x91a/0x2060 [bluetooth]\n worker_thread+0xe44/0x2cc0\n kthread+0x2ff/0x3a0\n ret_from_fork+0x51/0x80\n ret_from_fork_asm+0x1b/0x30\n\nThe buggy address belongs to the object at ffff888033cfab40\n which belongs to the cache skbuff_head_cache of size 232\nThe buggy address is located 112 bytes inside of\n freed 232-byte region [ffff888033cfab40, ffff888033cfac28)\n\nThe buggy address belongs to the physical page:\npage:00000000a174ba93 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33cfa\nhead:00000000a174ba93 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nanon flags: 0x4000000000000840(slab|head|zone=1)\npage_type: 0xffffffff()\nraw: 4000000000000840 ffff888100848a00 0000000000000000 0000000000000001\nraw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888033cfaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc\n ffff888033cfab00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb\n>ffff888033cfab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888033cfac00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc\n ffff888033cfac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================\n\nCheck if we need to call hci_devcd_complete before calling\nhci_devcd_append. That requires that we check data->cd_info.cnt >=\nMTK_COREDUMP_NUM instead of data->cd_info.cnt > MTK_COREDUMP_NUM, as we\nincrement data->cd_info.cnt only once the call to hci_devcd_append\nsucceeds.(CVE-2024-56653)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()\n\nDuring early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE,\nsince pageblock_order is still zero and it gets initialized\nlater during initmem_init() e.g.\nsetup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order()\n\nOne such use case where this causes issue is -\nearly_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init()\n\nThis causes CMA memory alignment check to be bypassed in\ncma_init_reserved_mem(). Then later cma_activate_area() can hit\na VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) if the reserved memory\narea was not pageblock_order aligned.\n\nFix it by moving the fadump_cma_init() after initmem_init(),\nwhere other such cma reservations also gets called.\n\n\n==============\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010\nflags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff) CMA\nraw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000\nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))\n------------[ cut here ]------------\nkernel BUG at mm/page_alloc.c:778!\n\nCall Trace:\n__free_one_page+0x57c/0x7b0 (unreliable)\nfree_pcppages_bulk+0x1a8/0x2c8\nfree_unref_page_commit+0x3d4/0x4e4\nfree_unref_page+0x458/0x6d0\ninit_cma_reserved_pageblock+0x114/0x198\ncma_init_reserved_areas+0x270/0x3e0\ndo_one_initcall+0x80/0x2f8\nkernel_init_freeable+0x33c/0x530\nkernel_init+0x34/0x26c\nret_from_kernel_user_thread+0x14/0x1c(CVE-2024-56677)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: Fix hardware lockup on first Rx endpoint request\n\nThere is a possibility that a request's callback could be invoked from\nusb_ep_queue() (call trace below, supplemented with missing calls):\n\nreq->complete from usb_gadget_giveback_request\n\t(drivers/usb/gadget/udc/core.c:999)\nusb_gadget_giveback_request from musb_g_giveback\n\t(drivers/usb/musb/musb_gadget.c:147)\nmusb_g_giveback from rxstate\n\t(drivers/usb/musb/musb_gadget.c:784)\nrxstate from musb_ep_restart\n\t(drivers/usb/musb/musb_gadget.c:1169)\nmusb_ep_restart from musb_ep_restart_resume_work\n\t(drivers/usb/musb/musb_gadget.c:1176)\nmusb_ep_restart_resume_work from musb_queue_resume_work\n\t(drivers/usb/musb/musb_core.c:2279)\nmusb_queue_resume_work from musb_gadget_queue\n\t(drivers/usb/musb/musb_gadget.c:1241)\nmusb_gadget_queue from usb_ep_queue\n\t(drivers/usb/gadget/udc/core.c:300)\n\nAccording to the docstring of usb_ep_queue(), this should not happen:\n\n\"Note that @req's ->complete() callback must never be called from within\nusb_ep_queue() as that can create deadlock situations.\"\n\nIn fact, a hardware lockup might occur in the following sequence:\n\n1. The gadget is initialized using musb_gadget_enable().\n2. Meanwhile, a packet arrives, and the RXPKTRDY flag is set, raising an\n interrupt.\n3. If IRQs are enabled, the interrupt is handled, but musb_g_rx() finds an\n empty queue (next_request() returns NULL). The interrupt flag has\n already been cleared by the glue layer handler, but the RXPKTRDY flag\n remains set.\n4. The first request is enqueued using usb_ep_queue(), leading to the call\n of req->complete(), as shown in the call trace above.\n5. If the callback enables IRQs and another packet is waiting, step (3)\n repeats. The request queue is empty because usb_g_giveback() removes the\n request before invoking the callback.\n6. The endpoint remains locked up, as the interrupt triggered by hardware\n setting the RXPKTRDY flag has been handled, but the flag itself remains\n set.\n\nFor this scenario to occur, it is only necessary for IRQs to be enabled at\nsome point during the complete callback. This happens with the USB Ethernet\ngadget, whose rx_complete() callback calls netif_rx(). If called in the\ntask context, netif_rx() disables the bottom halves (BHs). When the BHs are\nre-enabled, IRQs are also enabled to allow soft IRQs to be processed. The\ngadget itself is initialized at module load (or at boot if built-in), but\nthe first request is enqueued when the network interface is brought up,\ntriggering rx_complete() in the task context via ioctl(). If a packet\narrives while the interface is down, it can prevent the interface from\nreceiving any further packets from the USB host.\n\nThe situation is quite complicated with many parties involved. This\nparticular issue can be resolved in several possible ways:\n\n1. Ensure that callbacks never enable IRQs. This would be difficult to\n enforce, as discovering how netif_rx() interacts with interrupts was\n already quite challenging and u_ether is not the only function driver.\n Similar \"bugs\" could be hidden in other drivers as well.\n2. Disable MUSB interrupts in musb_g_giveback() before calling the callback\n and re-enable them afterwars (by calling musb_{dis,en}able_interrupts(),\n for example). This would ensure that MUSB interrupts are not handled\n during the callback, even if IRQs are enabled. In fact, it would allow\n IRQs to be enabled when releasing the lock. However, this feels like an\n inelegant hack.\n3. Modify the interrupt handler to clear the RXPKTRDY flag if the request\n queue is empty. While this approach also feels like a hack, it wastes\n CPU time by attempting to handle incoming packets when the software is\n not ready to process them.\n4. Flush the Rx FIFO instead of calling rxstate() in musb_ep_restart().\n This ensures that the hardware can receive packets when there is at\n least one request in the queue. Once I\n---truncated---(CVE-2024-56687)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport\n\nSince transport->sock has been set to NULL during reset transport,\nXPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the\nxs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request()\nto dereference the transport->sock that has been set to NULL.(CVE-2024-56688)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix dtl_access_lock to be a rw_semaphore\n\nThe dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because\nthe code calls kmalloc() while holding it, which can sleep:\n\n # echo 1 > /proc/powerpc/vcpudispatch_stats\n BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh\n preempt_count: 1, expected: 0\n 3 locks held by sh/199:\n #0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438\n #1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4\n #2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4\n CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152\n Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries\n Call Trace:\n dump_stack_lvl+0x130/0x148 (unreliable)\n __might_resched+0x174/0x410\n kmem_cache_alloc_noprof+0x340/0x3d0\n alloc_dtl_buffers+0x124/0x1ac\n vcpudispatch_stats_write+0x2a8/0x5f4\n proc_reg_write+0xf4/0x150\n vfs_write+0xfc/0x438\n ksys_write+0x88/0x148\n system_call_exception+0x1c4/0x5a0\n system_call_common+0xf4/0x258(CVE-2024-56701)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev->next should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30(CVE-2024-56718)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Initialize cfid->tcon before performing network ops\n\nAvoid leaking a tcon ref when a lease break races with opening the\ncached directory. Processing the leak break might take a reference to\nthe tcon in cached_dir_lease_break() and then fail to release the ref in\ncached_dir_offload_close, since cfid->tcon is still NULL.(CVE-2024-56729)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice..(CVE-2024-56758)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg\n\nSyzbot reports [1] an uninitialized value issue found by KMSAN in\ndib3000_read_reg().\n\nLocal u8 rb[2] is used in i2c_transfer() as a read buffer; in case\nthat call fails, the buffer may end up with some undefined values.\n\nSince no elaborate error handling is expected in dib3000_write_reg(),\nsimply zero out rb buffer to mitigate the problem.\n\n[1] Syzkaller report\ndvb-usb: bulk message failed: -22 (6/0)\n=====================================================\nBUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758\n dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758\n dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31\n dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290\n dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline]\n dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline]\n dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310\n dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110\n...\nLocal variable rb created at:\n dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54\n dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758\n...(CVE-2024-56769)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur\n\nThe action force umount(umount -f) will attempt to kill all rpc_task even\numount operation may ultimately fail if some files remain open.\nConsequently, if an action attempts to open a file, it can potentially\nsend two rpc_task to nfs server.\n\n NFS CLIENT\nthread1 thread2\nopen(\"file\")\n...\nnfs4_do_open\n _nfs4_do_open\n _nfs4_open_and_get_state\n _nfs4_proc_open\n nfs4_run_open_task\n /* rpc_task1 */\n rpc_run_task\n rpc_wait_for_completion_task\n\n umount -f\n nfs_umount_begin\n rpc_killall_tasks\n rpc_signal_task\n rpc_task1 been wakeup\n and return -512\n _nfs4_do_open // while loop\n ...\n nfs4_run_open_task\n /* rpc_task2 */\n rpc_run_task\n rpc_wait_for_completion_task\n\nWhile processing an open request, nfsd will first attempt to find or\nallocate an nfs4_openowner. If it finds an nfs4_openowner that is not\nmarked as NFS4_OO_CONFIRMED, this nfs4_openowner will released. Since\ntwo rpc_task can attempt to open the same file simultaneously from the\nclient to server, and because two instances of nfsd can run\nconcurrently, this situation can lead to lots of memory leak.\nAdditionally, when we echo 0 to /proc/fs/nfsd/threads, warning will be\ntriggered.\n\n NFS SERVER\nnfsd1 nfsd2 echo 0 > /proc/fs/nfsd/threads\n\nnfsd4_open\n nfsd4_process_open1\n find_or_alloc_open_stateowner\n // alloc oo1, stateid1\n nfsd4_open\n nfsd4_process_open1\n find_or_alloc_open_stateowner\n // find oo1, without NFS4_OO_CONFIRMED\n release_openowner\n unhash_openowner_locked\n list_del_init(&oo->oo_perclient)\n // cannot find this oo\n // from client, LEAK!!!\n alloc_stateowner // alloc oo2\n\n nfsd4_process_open2\n init_open_stateid\n // associate oo1\n // with stateid1, stateid1 LEAK!!!\n nfs4_get_vfs_file\n // alloc nfsd_file1 and nfsd_file_mark1\n // all LEAK!!!\n\n nfsd4_process_open2\n ...\n\n write_threads\n ...\n nfsd_destroy_serv\n nfsd_shutdown_net\n nfs4_state_shutdown_net\n nfs4_state_destroy_net\n destroy_client\n __destroy_client\n // won't find oo1!!!\n nfsd_shutdown_generic\n nfsd_file_cache_shutdown\n kmem_cache_destroy\n for nfsd_file_slab\n and nfsd_file_mark_slab\n // bark since nfsd_file1\n // and nfsd_file_mark1\n // still alive\n\n=======================================================================\nBUG nfsd_file (Not tainted): Objects remaining in nfsd_file on\n__kmem_cache_shutdown()\n-----------------------------------------------------------------------\n\nSlab 0xffd4000004438a80 objects=34 used=1 fp=0xff11000110e2ad28\nflags=0x17ffffc0000240(workingset|head|node=0|zone=2|lastcpupid=0x1fffff)\nCPU: 4 UID: 0 PID: 757 Comm: sh Not tainted 6.12.0-rc6+ #19\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nCall Trace:\n \n dum\n---truncated---(CVE-2024-56779)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nPCI: imx6: Fix suspend/resume support on i.MX6QDL\n\nThe suspend/resume functionality is currently broken on the i.MX6QDL\nplatform, as documented in the NXP errata (ERR005723):\n\n https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf\n\nThis patch addresses the issue by sharing most of the suspend/resume\nsequences used by other i.MX devices, while avoiding modifications to\ncritical registers that disrupt the PCIe functionality. It targets the\nsame problem as the following downstream commit:\n\n https://github.com/nxp-imx/linux-imx/commit/4e92355e1f79d225ea842511fcfd42b343b32995\n\nUnlike the downstream commit, this patch also resets the connected PCIe\ndevice if possible. Without this reset, certain drivers, such as ath10k\nor iwlwifi, will crash on resume. The device reset is also done by the\ndriver on other i.MX platforms, making this patch consistent with\nexisting practices.\n\nUpon resuming, the kernel will hang and display an error. Here's an\nexample of the error encountered with the ath10k driver:\n\n ath10k_pci 0000:01:00.0: Unable to change power state from D3hot to D0, device inaccessible\n Unhandled fault: imprecise external abort (0x1406) at 0x0106f944\n\nWithout this patch, suspend/resume will fail on i.MX6QDL devices if a\nPCIe device is connected.\n\n[kwilczynski: commit log, added tag for stable releases](CVE-2024-57809)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\narm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL\n\nCurrently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl'\nvariable, and a SETREGSET call with a length of zero will leave this\nuninitialized. Consequently tagged_addr_ctrl_set() will consume an\narbitrary value, potentially leaking up to 64 bits of memory from the\nkernel stack. The read is limited to a specific slot on the stack, and\nthe issue does not provide a write mechanism.\n\nAs set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and\nrejects other values, a partial SETREGSET attempt will randomly succeed\nor fail depending on the value of the uninitialized value, and the\nexposure is significantly limited.\n\nFix this by initializing the temporary value before copying the regset\nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,\nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing\nvalue of the tagged address ctrl will be retained.\n\nThe NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the\nuser_aarch64_view used by a native AArch64 task to manipulate another\nnative AArch64 task. As get_tagged_addr_ctrl() only returns an error\nvalue when called for a compat task, tagged_addr_ctrl_get() and\ntagged_addr_ctrl_set() should never observe an error value from\nget_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that\nsuch an error would be unexpected, and error handlnig is not missing in\neither case.(CVE-2024-57874)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix slab-use-after-free due to dangling pointer dqi_priv\n\nWhen mounting ocfs2 and then remounting it as read-only, a\nslab-use-after-free occurs after the user uses a syscall to\nquota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the\ndangling pointer.\n\nDuring the remounting process, the pointer dqi_priv is freed but is never\nset as null leaving it to be accessed. Additionally, the read-only option\nfor remounting sets the DQUOT_SUSPENDED flag instead of setting the\nDQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the\nnext quota, the function ocfs2_get_next_id is called and only checks the\nquota usage flags and not the quota suspended flags.\n\nTo fix this, I set dqi_priv to null when it is freed after remounting with\nread-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id.\n\n[akpm@linux-foundation.org: coding-style cleanups](CVE-2024-57892)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ti-ads8688: fix information leak in triggered buffer\n\nThe 'buffer' local array is used to push data to user space from a\ntriggered buffer, but it does not set values for inactive channels, as\nit only uses iio_for_each_active_channel() to assign new values.\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace.(CVE-2024-57906)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\niio: light: vcnl4035: fix information leak in triggered buffer\n\nThe 'buffer' local array is used to push data to userspace from a\ntriggered buffer, but it does not set an initial value for the single\ndata element, which is an u16 aligned to 8 bytes. That leaves at least\n4 bytes uninitialized even after writing an integer value with\nregmap_read().\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace.(CVE-2024-57910)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntopology: Keep the cpumask unchanged when printing cpumap\n\nDuring fuzz testing, the following warning was discovered:\n\n different return values (15 and 11) from vsnprintf(\"%*pbl\n \", ...)\n\n test:keyward is WARNING in kvasprintf\n WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130\n Call Trace:\n kvasprintf+0x121/0x130\n kasprintf+0xa6/0xe0\n bitmap_print_to_buf+0x89/0x100\n core_siblings_list_read+0x7e/0xb0\n kernfs_file_read_iter+0x15b/0x270\n new_sync_read+0x153/0x260\n vfs_read+0x215/0x290\n ksys_read+0xb9/0x160\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nThe call trace shows that kvasprintf() reported this warning during the\nprinting of core_siblings_list. kvasprintf() has several steps:\n\n (1) First, calculate the length of the resulting formatted string.\n\n (2) Allocate a buffer based on the returned length.\n\n (3) Then, perform the actual string formatting.\n\n (4) Check whether the lengths of the formatted strings returned in\n steps (1) and (2) are consistent.\n\nIf the core_cpumask is modified between steps (1) and (3), the lengths\nobtained in these two steps may not match. Indeed our test includes cpu\nhotplugging, which should modify core_cpumask while printing.\n\nTo fix this issue, cache the cpumask into a temporary variable before\ncalling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged\nduring the printing process.(CVE-2024-57917)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add check for granularity in dml ceil/floor helpers\n\n[Why]\nWrapper functions for dcn_bw_ceil2() and dcn_bw_floor2()\nshould check for granularity is non zero to avoid assert and\ndivide-by-zero error in dcn_bw_ functions.\n\n[How]\nAdd check for granularity 0.\n\n(cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec)(CVE-2024-57922)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err\n\nThe pointer need to be set to NULL, otherwise KASAN complains about\nuse-after-free. Because in mtk_drm_bind, all private's drm are set\nas follows.\n\nprivate->all_drm_private[i]->drm = drm;\n\nAnd drm will be released by drm_dev_put in case mtk_drm_kms_init returns\nfailure. However, the shutdown path still accesses the previous allocated\nmemory in drm_atomic_helper_shutdown.\n\n[ 84.874820] watchdog: watchdog0: watchdog did not stop!\n[ 86.512054] ==================================================================\n[ 86.513162] BUG: KASAN: use-after-free in drm_atomic_helper_shutdown+0x33c/0x378\n[ 86.514258] Read of size 8 at addr ffff0000d46fc068 by task shutdown/1\n[ 86.515213]\n[ 86.515455] CPU: 1 UID: 0 PID: 1 Comm: shutdown Not tainted 6.13.0-rc1-mtk+gfa1a78e5d24b-dirty #55\n[ 86.516752] Hardware name: Unknown Product/Unknown Product, BIOS 2022.10 10/01/2022\n[ 86.517960] Call trace:\n[ 86.518333] show_stack+0x20/0x38 (C)\n[ 86.518891] dump_stack_lvl+0x90/0xd0\n[ 86.519443] print_report+0xf8/0x5b0\n[ 86.519985] kasan_report+0xb4/0x100\n[ 86.520526] __asan_report_load8_noabort+0x20/0x30\n[ 86.521240] drm_atomic_helper_shutdown+0x33c/0x378\n[ 86.521966] mtk_drm_shutdown+0x54/0x80\n[ 86.522546] platform_shutdown+0x64/0x90\n[ 86.523137] device_shutdown+0x260/0x5b8\n[ 86.523728] kernel_restart+0x78/0xf0\n[ 86.524282] __do_sys_reboot+0x258/0x2f0\n[ 86.524871] __arm64_sys_reboot+0x90/0xd8\n[ 86.525473] invoke_syscall+0x74/0x268\n[ 86.526041] el0_svc_common.constprop.0+0xb0/0x240\n[ 86.526751] do_el0_svc+0x4c/0x70\n[ 86.527251] el0_svc+0x4c/0xc0\n[ 86.527719] el0t_64_sync_handler+0x144/0x168\n[ 86.528367] el0t_64_sync+0x198/0x1a0\n[ 86.528920]\n[ 86.529157] The buggy address belongs to the physical page:\n[ 86.529972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d46fd4d0 pfn:0x1146fc\n[ 86.531319] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff)\n[ 86.532267] raw: 0bfffc0000000000 0000000000000000 dead000000000122 0000000000000000\n[ 86.533390] raw: ffff0000d46fd4d0 0000000000000000 00000000ffffffff 0000000000000000\n[ 86.534511] page dumped because: kasan: bad access detected\n[ 86.535323]\n[ 86.535559] Memory state around the buggy address:\n[ 86.536265] ffff0000d46fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.537314] ffff0000d46fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.538363] >ffff0000d46fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.544733] ^\n[ 86.551057] ffff0000d46fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.557510] ffff0000d46fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.563928] ==================================================================\n[ 86.571093] Disabling lock debugging due to kernel taint\n[ 86.577642] Unable to handle kernel paging request at virtual address e0e9c0920000000b\n[ 86.581834] KASAN: maybe wild-memory-access in range [0x0752049000000058-0x075204900000005f]\n...(CVE-2024-57926)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Ensure shadow stack is active before \"getting\" registers\n\nThe x86 shadow stack support has its own set of registers. Those registers\nare XSAVE-managed, but they are \"supervisor state components\" which means\nthat userspace can not touch them with XSAVE/XRSTOR. It also means that\nthey are not accessible from the existing ptrace ABI for XSAVE state.\nThus, there is a new ptrace get/set interface for it.\n\nThe regset code that ptrace uses provides an ->active() handler in\naddition to the get/set ones. For shadow stack this ->active() handler\nverifies that shadow stack is enabled via the ARCH_SHSTK_SHSTK bit in the\nthread struct. The ->active() handler is checked from some call sites of\nthe regset get/set handlers, but not the ptrace ones. This was not\nunderstood when shadow stack support was put in place.\n\nAs a result, both the set/get handlers can be called with\nXFEATURE_CET_USER in its init state, which would cause get_xsave_addr() to\nreturn NULL and trigger a WARN_ON(). The ssp_set() handler luckily has an\nssp_active() check to avoid surprising the kernel with shadow stack\nbehavior when the kernel is not ready for it (ARCH_SHSTK_SHSTK==0). That\ncheck just happened to avoid the warning.\n\nBut the ->get() side wasn't so lucky. It can be called with shadow stacks\ndisabled, triggering the warning in practice, as reported by Christina\nSchimpe:\n\nWARNING: CPU: 5 PID: 1773 at arch/x86/kernel/fpu/regset.c:198 ssp_get+0x89/0xa0\n[...]\nCall Trace:\n\n? show_regs+0x6e/0x80\n? ssp_get+0x89/0xa0\n? __warn+0x91/0x150\n? ssp_get+0x89/0xa0\n? report_bug+0x19d/0x1b0\n? handle_bug+0x46/0x80\n? exc_invalid_op+0x1d/0x80\n? asm_exc_invalid_op+0x1f/0x30\n? __pfx_ssp_get+0x10/0x10\n? ssp_get+0x89/0xa0\n? ssp_get+0x52/0xa0\n__regset_get+0xad/0xf0\ncopy_regset_to_user+0x52/0xc0\nptrace_regset+0x119/0x140\nptrace_request+0x13c/0x850\n? wait_task_inactive+0x142/0x1d0\n? do_syscall_64+0x6d/0x90\narch_ptrace+0x102/0x300\n[...]\n\nEnsure that shadow stacks are active in a thread before looking them up\nin the XSAVE buffer. Since ARCH_SHSTK_SHSTK and user_ssp[SHSTK_EN] are\nset at the same time, the active check ensures that there will be\nsomething to find in the XSAVE buffer.\n\n[ dhansen: changelog/subject tweaks ](CVE-2025-21632)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid NULL pointer dereference if no valid extent tree\n\n[BUG]\nSyzbot reported a crash with the following call trace:\n\n BTRFS info (device loop0): scrub: started on devid 1\n BUG: kernel NULL pointer dereference, address: 0000000000000208\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 UID: 0 PID: 689 Comm: repro Kdump: loaded Tainted: G O 6.13.0-rc4-custom+ #206\n Tainted: [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n RIP: 0010:find_first_extent_item+0x26/0x1f0 [btrfs]\n Call Trace:\n \n scrub_find_fill_first_stripe+0x13d/0x3b0 [btrfs]\n scrub_simple_mirror+0x175/0x260 [btrfs]\n scrub_stripe+0x5d4/0x6c0 [btrfs]\n scrub_chunk+0xbb/0x170 [btrfs]\n scrub_enumerate_chunks+0x2f4/0x5f0 [btrfs]\n btrfs_scrub_dev+0x240/0x600 [btrfs]\n btrfs_ioctl+0x1dc8/0x2fa0 [btrfs]\n ? do_sys_openat2+0xa5/0xf0\n __x64_sys_ioctl+0x97/0xc0\n do_syscall_64+0x4f/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \n\n[CAUSE]\nThe reproducer is using a corrupted image where extent tree root is\ncorrupted, thus forcing to use \"rescue=all,ro\" mount option to mount the\nimage.\n\nThen it triggered a scrub, but since scrub relies on extent tree to find\nwhere the data/metadata extents are, scrub_find_fill_first_stripe()\nrelies on an non-empty extent root.\n\nBut unfortunately scrub_find_fill_first_stripe() doesn't really expect\nan NULL pointer for extent root, it use extent_root to grab fs_info and\ntriggered a NULL pointer dereference.\n\n[FIX]\nAdd an extra check for a valid extent root at the beginning of\nscrub_find_fill_first_stripe().\n\nThe new error path is introduced by 42437a6386ff (\"btrfs: introduce\nmount option rescue=ignorebadroots\"), but that's pretty old, and later\ncommit b979547513ff (\"btrfs: scrub: introduce helper to find and fill\nsector info for a scrub_stripe\") changed how we do scrub.\n\nSo for kernels older than 6.6, the fix will need manual backport.(CVE-2025-21658)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk->transport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().(CVE-2025-21670)", "category":"general", "title":"Description" }, { "text":"An update for kernel is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"kernel", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1093", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" }, { "summary":"CVE-2024-26952", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26952&packageName=kernel" }, { "summary":"CVE-2024-26954", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26954&packageName=kernel" }, { "summary":"CVE-2024-49998", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-49998&packageName=kernel" }, { "summary":"CVE-2024-50221", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50221&packageName=kernel" }, { "summary":"CVE-2024-50304", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50304&packageName=kernel" }, { "summary":"CVE-2024-53051", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53051&packageName=kernel" }, { "summary":"CVE-2024-53109", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53109&packageName=kernel" }, { "summary":"CVE-2024-53113", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53113&packageName=kernel" }, { "summary":"CVE-2024-53119", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53119&packageName=kernel" }, { "summary":"CVE-2024-53120", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53120&packageName=kernel" }, { "summary":"CVE-2024-53121", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53121&packageName=kernel" }, { "summary":"CVE-2024-53122", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53122&packageName=kernel" }, { "summary":"CVE-2024-53123", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53123&packageName=kernel" }, { "summary":"CVE-2024-53124", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53124&packageName=kernel" }, { "summary":"CVE-2024-53135", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53135&packageName=kernel" }, { "summary":"CVE-2024-53138", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53138&packageName=kernel" }, { "summary":"CVE-2024-53139", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53139&packageName=kernel" }, { "summary":"CVE-2024-53140", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53140&packageName=kernel" }, { "summary":"CVE-2024-53145", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53145&packageName=kernel" }, { "summary":"CVE-2024-53201", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53201&packageName=kernel" }, { "summary":"CVE-2024-53207", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53207&packageName=kernel" }, { "summary":"CVE-2024-53209", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53209&packageName=kernel" }, { "summary":"CVE-2024-53223", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53223&packageName=kernel" }, { "summary":"CVE-2024-53237", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-53237&packageName=kernel" }, { "summary":"CVE-2024-54193", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-54193&packageName=kernel" }, { "summary":"CVE-2024-56557", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56557&packageName=kernel" }, { "summary":"CVE-2024-56567", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56567&packageName=kernel" }, { "summary":"CVE-2024-56590", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56590&packageName=kernel" }, { "summary":"CVE-2024-56614", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56614&packageName=kernel" }, { "summary":"CVE-2024-56623", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56623&packageName=kernel" }, { "summary":"CVE-2024-56640", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56640&packageName=kernel" }, { "summary":"CVE-2024-56641", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56641&packageName=kernel" }, { "summary":"CVE-2024-56653", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56653&packageName=kernel" }, { "summary":"CVE-2024-56677", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56677&packageName=kernel" }, { "summary":"CVE-2024-56687", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56687&packageName=kernel" }, { "summary":"CVE-2024-56688", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56688&packageName=kernel" }, { "summary":"CVE-2024-56701", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56701&packageName=kernel" }, { "summary":"CVE-2024-56718", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56718&packageName=kernel" }, { "summary":"CVE-2024-56729", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56729&packageName=kernel" }, { "summary":"CVE-2024-56758", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56758&packageName=kernel" }, { "summary":"CVE-2024-56769", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56769&packageName=kernel" }, { "summary":"CVE-2024-56779", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56779&packageName=kernel" }, { "summary":"CVE-2024-57809", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57809&packageName=kernel" }, { "summary":"CVE-2024-57874", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57874&packageName=kernel" }, { "summary":"CVE-2024-57892", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57892&packageName=kernel" }, { "summary":"CVE-2024-57906", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57906&packageName=kernel" }, { "summary":"CVE-2024-57910", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57910&packageName=kernel" }, { "summary":"CVE-2024-57917", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57917&packageName=kernel" }, { "summary":"CVE-2024-57922", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57922&packageName=kernel" }, { "summary":"CVE-2024-57926", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57926&packageName=kernel" }, { "summary":"CVE-2025-21632", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-21632&packageName=kernel" }, { "summary":"CVE-2025-21658", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-21658&packageName=kernel" }, { "summary":"CVE-2025-21670", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-21670&packageName=kernel" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26952" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26954" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49998" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50221" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50304" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53051" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53109" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53113" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53119" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53120" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53121" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53122" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53123" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53124" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53135" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53138" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53139" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53140" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53145" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53201" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53207" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53209" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53223" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53237" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54193" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56557" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56567" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56590" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56614" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56623" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56640" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56641" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56653" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56677" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56687" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56688" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56701" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56718" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56729" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56758" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56769" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56779" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57809" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57874" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57892" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57906" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57910" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57917" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57922" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57926" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21632" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21658" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21670" }, { "summary":"openEuler-SA-2025-1093 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1093.json" } ], "title":"An update for kernel is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2025-02-08T20:33:45+08:00", "revision_history":[ { "date":"2025-02-08T20:33:45+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-02-08T20:33:45+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-02-08T20:33:45+08:00", "id":"openEuler-SA-2025-1093", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"perf-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"perf-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"perf-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "name":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm" }, "name":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"perf-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"perf-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"perf-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "name":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm" }, "name":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"kernel-6.6.0-76.0.0.80.oe2403sp1.src.rpm", "name":"kernel-6.6.0-76.0.0.80.oe2403sp1.src.rpm" }, "name":"kernel-6.6.0-76.0.0.80.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"perf-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"perf-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "name":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"perf-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"perf-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "name":"python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"kernel-6.6.0-76.0.0.80.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src", "name":"kernel-6.6.0-76.0.0.80.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-26952", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potencial out-of-bounds when buffer offset is invalid\n\nI found potencial out-of-bounds when buffer offset fields of a few requests\nis invalid. This patch set the minimum value of buffer offset field to\n->Buffer offset to validate buffer length.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-26952" }, { "cve":"CVE-2024-26954", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()\n\nIf ->NameOffset of smb2_create_req is smaller than Buffer offset of\nsmb2_create_req, slab-out-of-bounds read can happen from smb2_open.\nThis patch set the minimum value of the name offset to the buffer offset\nto validate name length of smb2_create_req().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-26954" }, { "cve":"CVE-2024-49998", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: improve shutdown sequence\n\nAlexander Sverdlin presents 2 problems during shutdown with the\nlan9303 driver. One is specific to lan9303 and the other just happens\nto reproduce there.\n\nThe first problem is that lan9303 is unique among DSA drivers in that it\ncalls dev_get_drvdata() at \"arbitrary runtime\" (not probe, not shutdown,\nnot remove):\n\nphy_state_machine()\n-> ...\n -> dsa_user_phy_read()\n -> ds->ops->phy_read()\n -> lan9303_phy_read()\n -> chip->ops->phy_read()\n -> lan9303_mdio_phy_read()\n -> dev_get_drvdata()\n\nBut we never stop the phy_state_machine(), so it may continue to run\nafter dsa_switch_shutdown(). Our common pattern in all DSA drivers is\nto set drvdata to NULL to suppress the remove() method that may come\nafterwards. But in this case it will result in an NPD.\n\nThe second problem is that the way in which we set\ndp->conduit->dsa_ptr = NULL; is concurrent with receive packet\nprocessing. dsa_switch_rcv() checks once whether dev->dsa_ptr is NULL,\nbut afterwards, rather than continuing to use that non-NULL value,\ndev->dsa_ptr is dereferenced again and again without NULL checks:\ndsa_conduit_find_user() and many other places. In between dereferences,\nthere is no locking to ensure that what was valid once continues to be\nvalid.\n\nBoth problems have the common aspect that closing the conduit interface\nsolves them.\n\nIn the first case, dev_close(conduit) triggers the NETDEV_GOING_DOWN\nevent in dsa_user_netdevice_event() which closes user ports as well.\ndsa_port_disable_rt() calls phylink_stop(), which synchronously stops\nthe phylink state machine, and ds->ops->phy_read() will thus no longer\ncall into the driver after this point.\n\nIn the second case, dev_close(conduit) should do this, as per\nDocumentation/networking/driver.rst:\n\n| Quiescence\n| ----------\n|\n| After the ndo_stop routine has been called, the hardware must\n| not receive or transmit any data. All in flight packets must\n| be aborted. If necessary, poll or wait for completion of\n| any reset commands.\n\nSo it should be sufficient to ensure that later, when we zeroize\nconduit->dsa_ptr, there will be no concurrent dsa_switch_rcv() call\non this conduit.\n\nThe addition of the netif_device_detach() function is to ensure that\nioctls, rtnetlinks and ethtool requests on the user ports no longer\npropagate down to the driver - we're no longer prepared to handle them.\n\nThe race condition actually did not exist when commit 0650bf52b31f\n(\"net: dsa: be compatible with masters which unregister on shutdown\")\nfirst introduced dsa_switch_shutdown(). It was created later, when we\nstopped unregistering the user interfaces from a bad spot, and we just\nreplaced that sequence with a racy zeroization of conduit->dsa_ptr\n(one which doesn't ensure that the interfaces aren't up).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-49998" }, { "cve":"CVE-2024-50221", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Vangogh: Fix kernel memory out of bounds write\n\nKASAN reports that the GPU metrics table allocated in\nvangogh_tables_init() is not large enough for the memset done in\nsmu_cmn_init_soft_gpu_metrics(). Condensed report follows:\n\n[ 33.861314] BUG: KASAN: slab-out-of-bounds in smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu]\n[ 33.861799] Write of size 168 at addr ffff888129f59500 by task mangoapp/1067\n...\n[ 33.861808] CPU: 6 UID: 1000 PID: 1067 Comm: mangoapp Tainted: G W 6.12.0-rc4 #356 1a56f59a8b5182eeaf67eb7cb8b13594dd23b544\n[ 33.861816] Tainted: [W]=WARN\n[ 33.861818] Hardware name: Valve Galileo/Galileo, BIOS F7G0107 12/01/2023\n[ 33.861822] Call Trace:\n[ 33.861826] \n[ 33.861829] dump_stack_lvl+0x66/0x90\n[ 33.861838] print_report+0xce/0x620\n[ 33.861853] kasan_report+0xda/0x110\n[ 33.862794] kasan_check_range+0xfd/0x1a0\n[ 33.862799] __asan_memset+0x23/0x40\n[ 33.862803] smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.863306] vangogh_get_gpu_metrics_v2_4+0x123/0xad0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.864257] vangogh_common_get_gpu_metrics+0xb0c/0xbc0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.865682] amdgpu_dpm_get_gpu_metrics+0xcc/0x110 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.866160] amdgpu_get_gpu_metrics+0x154/0x2d0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.867135] dev_attr_show+0x43/0xc0\n[ 33.867147] sysfs_kf_seq_show+0x1f1/0x3b0\n[ 33.867155] seq_read_iter+0x3f8/0x1140\n[ 33.867173] vfs_read+0x76c/0xc50\n[ 33.867198] ksys_read+0xfb/0x1d0\n[ 33.867214] do_syscall_64+0x90/0x160\n...\n[ 33.867353] Allocated by task 378 on cpu 7 at 22.794876s:\n[ 33.867358] kasan_save_stack+0x33/0x50\n[ 33.867364] kasan_save_track+0x17/0x60\n[ 33.867367] __kasan_kmalloc+0x87/0x90\n[ 33.867371] vangogh_init_smc_tables+0x3f9/0x840 [amdgpu]\n[ 33.867835] smu_sw_init+0xa32/0x1850 [amdgpu]\n[ 33.868299] amdgpu_device_init+0x467b/0x8d90 [amdgpu]\n[ 33.868733] amdgpu_driver_load_kms+0x19/0xf0 [amdgpu]\n[ 33.869167] amdgpu_pci_probe+0x2d6/0xcd0 [amdgpu]\n[ 33.869608] local_pci_probe+0xda/0x180\n[ 33.869614] pci_device_probe+0x43f/0x6b0\n\nEmpirically we can confirm that the former allocates 152 bytes for the\ntable, while the latter memsets the 168 large block.\n\nRoot cause appears that when GPU metrics tables for v2_4 parts were added\nit was not considered to enlarge the table to fit.\n\nThe fix in this patch is rather \"brute force\" and perhaps later should be\ndone in a smarter way, by extracting and consolidating the part version to\nsize logic to a common helper, instead of brute forcing the largest\npossible allocation. Nevertheless, for now this works and fixes the out of\nbounds write.\n\nv2:\n * Drop impossible v3_0 case. (Mario)\n\n(cherry picked from commit 0880f58f9609f0200483a49429af0f050d281703)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-50221" }, { "cve":"CVE-2024-50304", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()\n\nThe per-netns IP tunnel hash table is protected by the RTNL mutex and\nip_tunnel_find() is only called from the control path where the mutex is\ntaken.\n\nAdd a lockdep expression to hlist_for_each_entry_rcu() in\nip_tunnel_find() in order to validate that the mutex is held and to\nsilence the suspicious RCU usage warning [1].\n\n[1]\nWARNING: suspicious RCU usage\n6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted\n-----------------------------\nnet/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by ip/362:\n #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60\n\nstack backtrace:\nCPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139\nHardware name: Bochs Bochs, BIOS Bochs 01/01/2011\nCall Trace:\n \n dump_stack_lvl+0xba/0x110\n lockdep_rcu_suspicious.cold+0x4f/0xd6\n ip_tunnel_find+0x435/0x4d0\n ip_tunnel_newlink+0x517/0x7a0\n ipgre_newlink+0x14c/0x170\n __rtnl_newlink+0x1173/0x19c0\n rtnl_newlink+0x6c/0xa0\n rtnetlink_rcv_msg+0x3cc/0xf60\n netlink_rcv_skb+0x171/0x450\n netlink_unicast+0x539/0x7f0\n netlink_sendmsg+0x8c1/0xd80\n ____sys_sendmsg+0x8f9/0xc20\n ___sys_sendmsg+0x197/0x1e0\n __sys_sendmsg+0x122/0x1f0\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-50304" }, { "cve":"CVE-2024-53051", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hdcp: Add encoder check in intel_hdcp_get_capability\n\nSometimes during hotplug scenario or suspend/resume scenario encoder is\nnot always initialized when intel_hdcp_get_capability add\na check to avoid kernel null pointer dereference.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53051" }, { "cve":"CVE-2024-53109", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnommu: pass NULL argument to vma_iter_prealloc()\n\nWhen deleting a vma entry from a maple tree, it has to pass NULL to\nvma_iter_prealloc() in order to calculate internal state of the tree, but\nit passed a wrong argument. As a result, nommu kernels crashed upon\naccessing a vma iterator, such as acct_collect() reading the size of vma\nentries after do_munmap().\n\nThis commit fixes this issue by passing a right argument to the\npreallocation call.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53109" }, { "cve":"CVE-2024-53113", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix NULL pointer dereference in alloc_pages_bulk_noprof\n\nWe triggered a NULL pointer dereference for ac.preferred_zoneref->zone in\nalloc_pages_bulk_noprof() when the task is migrated between cpusets.\n\nWhen cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be\n¤t->mems_allowed. when first_zones_zonelist() is called to find\npreferred_zoneref, the ac->nodemask may be modified concurrently if the\ntask is migrated between different cpusets. Assuming we have 2 NUMA Node,\nwhen traversing Node1 in ac->zonelist, the nodemask is 2, and when\ntraversing Node2 in ac->zonelist, the nodemask is 1. As a result, the\nac->preferred_zoneref points to NULL zone.\n\nIn alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a\nallowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading\nto NULL pointer dereference.\n\n__alloc_pages_noprof() fixes this issue by checking NULL pointer in commit\nea57485af8f4 (\"mm, page_alloc: fix check for NULL preferred_zone\") and\ncommit df76cee6bbeb (\"mm, page_alloc: remove redundant checks from alloc\nfastpath\").\n\nTo fix it, check NULL pointer for preferred_zoneref->zone.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53113" }, { "cve":"CVE-2024-53119", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio/vsock: Fix accept_queue memory leak\n\nAs the final stages of socket destruction may be delayed, it is possible\nthat virtio_transport_recv_listen() will be called after the accept_queue\nhas been flushed, but before the SOCK_DONE flag has been set. As a result,\nsockets enqueued after the flush would remain unremoved, leading to a\nmemory leak.\n\nvsock_release\n __vsock_release\n lock\n virtio_transport_release\n virtio_transport_close\n schedule_delayed_work(close_work)\n sk_shutdown = SHUTDOWN_MASK\n(!) flush accept_queue\n release\n virtio_transport_recv_pkt\n vsock_find_bound_socket\n lock\n if flag(SOCK_DONE) return\n virtio_transport_recv_listen\n child = vsock_create_connected\n (!) vsock_enqueue_accept(child)\n release\nclose_work\n lock\n virtio_transport_do_close\n set_flag(SOCK_DONE)\n virtio_transport_remove_sock\n vsock_remove_sock\n vsock_remove_bound\n release\n\nIntroduce a sk_shutdown check to disallow vsock_enqueue_accept() during\nsocket destruction.\n\nunreferenced object 0xffff888109e3f800 (size 2040):\n comm \"kworker/5:2\", pid 371, jiffies 4294940105\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............\n backtrace (crc 9e5f4e84):\n [] kmem_cache_alloc_noprof+0x2c1/0x360\n [] sk_prot_alloc+0x30/0x120\n [] sk_alloc+0x2c/0x4b0\n [] __vsock_create.constprop.0+0x2a/0x310\n [] virtio_transport_recv_pkt+0x4dc/0x9a0\n [] vsock_loopback_work+0xfd/0x140\n [] process_one_work+0x20c/0x570\n [] worker_thread+0x1bf/0x3a0\n [] kthread+0xdd/0x110\n [] ret_from_fork+0x2d/0x50\n [] ret_from_fork_asm+0x1a/0x30", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53119" }, { "cve":"CVE-2024-53120", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT: Fix null-ptr-deref in add rule err flow\n\nIn error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add()\ncallback returns error, zone_rule->attr is used uninitiated. Fix it to\nuse attr which has the needed pointer value.\n\nKernel log:\n BUG: kernel NULL pointer dereference, address: 0000000000000110\n RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n…\n Call Trace:\n \n ? __die+0x20/0x70\n ? page_fault_oops+0x150/0x3e0\n ? exc_page_fault+0x74/0x140\n ? asm_exc_page_fault+0x22/0x30\n ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core]\n ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core]\n mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core]\n ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table]\n flow_offload_work_handler+0x142/0x320 [nf_flow_table]\n ? finish_task_switch.isra.0+0x15b/0x2b0\n process_one_work+0x16c/0x320\n worker_thread+0x28c/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xb8/0xf0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n ", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53120" }, { "cve":"CVE-2024-53121", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: fs, lock FTE when checking if active\n\nThe referenced commits introduced a two-step process for deleting FTEs:\n\n- Lock the FTE, delete it from hardware, set the hardware deletion function\n to NULL and unlock the FTE.\n- Lock the parent flow group, delete the software copy of the FTE, and\n remove it from the xarray.\n\nHowever, this approach encounters a race condition if a rule with the same\nmatch value is added simultaneously. In this scenario, fs_core may set the\nhardware deletion function to NULL prematurely, causing a panic during\nsubsequent rule deletions.\n\nTo prevent this, ensure the active flag of the FTE is checked under a lock,\nwhich will prevent the fs_core layer from attaching a new steering rule to\nan FTE that is in the process of deletion.\n\n[ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func\n[ 438.968205] ------------[ cut here ]------------\n[ 438.968654] refcount_t: decrement hit 0; leaking memory.\n[ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110\n[ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower]\n[ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8\n[ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110\n[ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff <0f> 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90\n[ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286\n[ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000\n[ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0\n[ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0\n[ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0\n[ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0\n[ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000\n[ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0\n[ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 438.986507] Call Trace:\n[ 438.986799] \n[ 438.987070] ? __warn+0x7d/0x110\n[ 438.987426] ? refcount_warn_saturate+0xfb/0x110\n[ 438.987877] ? report_bug+0x17d/0x190\n[ 438.988261] ? prb_read_valid+0x17/0x20\n[ 438.988659] ? handle_bug+0x53/0x90\n[ 438.989054] ? exc_invalid_op+0x14/0x70\n[ 438.989458] ? asm_exc_invalid_op+0x16/0x20\n[ 438.989883] ? refcount_warn_saturate+0xfb/0x110\n[ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core]\n[ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core]\n[ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core]\n[ 438.992054] ? xas_load+0x9/0xb0\n[ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core]\n[ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core]\n[ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core]\n[ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core]\n[ 438.994728] tc_setup_cb_destroy+0xb9/0x190\n[ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower]\n[ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower]\n[ 438.996105] tc_new_tfilter+0x347/0xbc0\n[ 438.996503] ? __\n---truncated---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53121" }, { "cve":"CVE-2024-53122", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: cope racing subflow creation in mptcp_rcv_space_adjust\n\nAdditional active subflows - i.e. created by the in kernel path\nmanager - are included into the subflow list before starting the\n3whs.\n\nA racing recvmsg() spooling data received on an already established\nsubflow would unconditionally call tcp_cleanup_rbuf() on all the\ncurrent subflows, potentially hitting a divide by zero error on\nthe newly created ones.\n\nExplicitly check that the subflow is in a suitable state before\ninvoking tcp_cleanup_rbuf().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53122" }, { "cve":"CVE-2024-53123", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: error out earlier on disconnect\n\nEric reported a division by zero splat in the MPTCP protocol:\n\nOops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted\n6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nRIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163\nCode: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8\n0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 7c\n24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89\nRSP: 0018:ffffc900041f7930 EFLAGS: 00010293\nRAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b\nRDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004\nRBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67\nR10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80\nR13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000\nFS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\n__tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493\nmptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline]\nmptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289\ninet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885\nsock_recvmsg_nosec net/socket.c:1051 [inline]\nsock_recvmsg+0x1b2/0x250 net/socket.c:1073\n__sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265\n__do_sys_recvfrom net/socket.c:2283 [inline]\n__se_sys_recvfrom net/socket.c:2279 [inline]\n__x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7feb5d857559\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d\n01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559\nRDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000\nR10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c\nR13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef\n\nand provided a nice reproducer.\n\nThe root cause is the current bad handling of racing disconnect.\nAfter the blamed commit below, sk_wait_data() can return (with\nerror) with the underlying socket disconnected and a zero rcv_mss.\n\nCatch the error and return without performing any additional\noperations on the current socket.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53123" }, { "cve":"CVE-2024-53124", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix data-races around sk->sk_forward_alloc\n\nSyzkaller reported this warning:\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0\n Modules linked in:\n CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:inet_sock_destruct+0x1c5/0x1e0\n Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206\n RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007\n RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00\n RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007\n R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00\n R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78\n FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n ? __warn+0x88/0x130\n ? inet_sock_destruct+0x1c5/0x1e0\n ? report_bug+0x18e/0x1a0\n ? handle_bug+0x53/0x90\n ? exc_invalid_op+0x18/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? inet_sock_destruct+0x1c5/0x1e0\n __sk_destruct+0x2a/0x200\n rcu_do_batch+0x1aa/0x530\n ? rcu_do_batch+0x13b/0x530\n rcu_core+0x159/0x2f0\n handle_softirqs+0xd3/0x2b0\n ? __pfx_smpboot_thread_fn+0x10/0x10\n run_ksoftirqd+0x25/0x30\n smpboot_thread_fn+0xdd/0x1d0\n kthread+0xd3/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n ---[ end trace 0000000000000000 ]---\n\nIts possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add()\nconcurrently when sk->sk_state == TCP_LISTEN with sk->sk_lock unlocked,\nwhich triggers a data-race around sk->sk_forward_alloc:\ntcp_v6_rcv\n tcp_v6_do_rcv\n skb_clone_and_charge_r\n sk_rmem_schedule\n __sk_mem_schedule\n sk_forward_alloc_add()\n skb_set_owner_r\n sk_mem_charge\n sk_forward_alloc_add()\n __kfree_skb\n skb_release_all\n skb_release_head_state\n sock_rfree\n sk_mem_uncharge\n sk_forward_alloc_add()\n sk_mem_reclaim\n // set local var reclaimable\n __sk_mem_reclaim\n sk_forward_alloc_add()\n\nIn this syzkaller testcase, two threads call\ntcp_v6_do_rcv() with skb->truesize=768, the sk_forward_alloc changes like\nthis:\n (cpu 1) | (cpu 2) | sk_forward_alloc\n ... | ... | 0\n __sk_mem_schedule() | | +4096 = 4096\n | __sk_mem_schedule() | +4096 = 8192\n sk_mem_charge() | | -768 = 7424\n | sk_mem_charge() | -768 = 6656\n ... | ... |\n sk_mem_uncharge() | | +768 = 7424\n reclaimable=7424 | |\n | sk_mem_uncharge() | +768 = 8192\n | reclaimable=8192 |\n __sk_mem_reclaim() | | -4096 = 4096\n | __sk_mem_reclaim() | -8192 = -4096 != 0\n\nThe skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when\nsk->sk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock().\nFix the same issue in dccp_v6_do_rcv().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53124" }, { "cve":"CVE-2024-53135", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN\n\nHide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support\nfor virtualizing Intel PT via guest/host mode unless BROKEN=y. There are\nmyriad bugs in the implementation, some of which are fatal to the guest,\nand others which put the stability and health of the host at risk.\n\nFor guest fatalities, the most glaring issue is that KVM fails to ensure\ntracing is disabled, and *stays* disabled prior to VM-Enter, which is\nnecessary as hardware disallows loading (the guest's) RTIT_CTL if tracing\nis enabled (enforced via a VMX consistency check). Per the SDM:\n\n If the logical processor is operating with Intel PT enabled (if\n IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the \"load\n IA32_RTIT_CTL\" VM-entry control must be 0.\n\nOn the host side, KVM doesn't validate the guest CPUID configuration\nprovided by userspace, and even worse, uses the guest configuration to\ndecide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring\nguest CPUID to enumerate more address ranges than are supported in hardware\nwill result in KVM trying to passthrough, save, and load non-existent MSRs,\nwhich generates a variety of WARNs, ToPA ERRORs in the host, a potential\ndeadlock, etc.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53135" }, { "cve":"CVE-2024-53138", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: kTLS, Fix incorrect page refcounting\n\nThe kTLS tx handling code is using a mix of get_page() and\npage_ref_inc() APIs to increment the page reference. But on the release\npath (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used.\n\nThis is an issue when using pages from large folios: the get_page()\nreferences are stored on the folio page while the page_ref_inc()\nreferences are stored directly in the given page. On release the folio\npage will be dereferenced too many times.\n\nThis was found while doing kTLS testing with sendfile() + ZC when the\nserved file was read from NFS on a kernel with NFS large folios support\n(commit 49b29a573da8 (\"nfs: add support for large folios\")).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53138" }, { "cve":"CVE-2024-53139", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix possible UAF in sctp_v6_available()\n\nA lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints\nthat sctp_v6_available() is calling dev_get_by_index_rcu()\nand ipv6_chk_addr() without holding rcu.\n\n[1]\n =============================\n WARNING: suspicious RCU usage\n 6.12.0-rc5-virtme #1216 Tainted: G W\n -----------------------------\n net/core/dev.c:876 RCU-list traversed in non-reader section!!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by sctp_hello/31495:\n #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp\n\nstack backtrace:\n CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216\n Tainted: [W]=WARN\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n Call Trace:\n \n dump_stack_lvl (lib/dump_stack.c:123)\n lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822)\n dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7))\n sctp_v6_available (net/sctp/ipv6.c:701) sctp\n sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp\n sctp_bind (net/sctp/socket.c:320) sctp\n inet6_bind_sk (net/ipv6/af_inet6.c:465)\n ? security_socket_bind (security/security.c:4581 (discriminator 1))\n __sys_bind (net/socket.c:1848 net/socket.c:1869)\n ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340)\n ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13))\n __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1))\n do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n RIP: 0033:0x7f59b934a1e7\n Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48\nAll code\n========\n 0:\t44 00 00 \tadd %r8b,(%rax)\n 3:\t48 8b 15 39 8c 0c 00 \tmov 0xc8c39(%rip),%rdx # 0xc8c43\n a:\tf7 d8 \tneg %eax\n c:\t64 89 02 \tmov %eax,%fs:(%rdx)\n f:\tb8 ff ff ff ff \tmov $0xffffffff,%eax\n 14:\teb bd \tjmp 0xffffffffffffffd3\n 16:\t66 2e 0f 1f 84 00 00 \tcs nopw 0x0(%rax,%rax,1)\n 1d:\t00 00 00\n 20:\t0f 1f 00 \tnopl (%rax)\n 23:\tb8 31 00 00 00 \tmov $0x31,%eax\n 28:\t0f 05 \tsyscall\n 2a:*\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\t\t<-- trapping instruction\n 30:\t73 01 \tjae 0x33\n 32:\tc3 \tret\n 33:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c43\n 3a:\tf7 d8 \tneg %eax\n 3c:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 3f:\t48 \trex.W\n\nCode starting with the faulting instruction\n===========================================\n 0:\t48 3d 01 f0 ff ff \tcmp $0xfffffffffffff001,%rax\n 6:\t73 01 \tjae 0x9\n 8:\tc3 \tret\n 9:\t48 8b 0d 09 8c 0c 00 \tmov 0xc8c09(%rip),%rcx # 0xc8c19\n 10:\tf7 d8 \tneg %eax\n 12:\t64 89 01 \tmov %eax,%fs:(%rcx)\n 15:\t48 \trex.W\n RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031\n RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7\n RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000\n R10: 00007f59b9253298 R11: 000000000000\n---truncated---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-53139" }, { "cve":"CVE-2024-53140", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: terminate outstanding dump on socket close\n\nNetlink supports iterative dumping of data. It provides the families\nthe following ops:\n - start - (optional) kicks off the dumping process\n - dump - actual dump helper, keeps getting called until it returns 0\n - done - (optional) pairs with .start, can be used for cleanup\nThe whole process is asynchronous and the repeated calls to .dump\ndon't actually happen in a tight loop, but rather are triggered\nin response to recvmsg() on the socket.\n\nThis gives the user full control over the dump, but also means that\nthe user can close the socket without getting to the end of the dump.\nTo make sure .start is always paired with .done we check if there\nis an ongoing dump before freeing the socket, and if so call .done.\n\nThe complication is that sockets can get freed from BH and .done\nis allowed to sleep. So we use a workqueue to defer the call, when\nneeded.\n\nUnfortunately this does not work correctly. What we defer is not\nthe cleanup but rather releasing a reference on the socket.\nWe have no guarantee that we own the last reference, if someone\nelse holds the socket they may release it in BH and we're back\nto square one.\n\nThe whole dance, however, appears to be unnecessary. Only the user\ncan interact with dumps, so we can clean up when socket is closed.\nAnd close always happens in process context. Some async code may\nstill access the socket after close, queue notification skbs to it etc.\nbut no dumps can start, end or otherwise make progress.\n\nDelete the workqueue and flush the dump state directly from the release\nhandler. Note that further cleanup is possible in -next, for instance\nwe now always call .done before releasing the main module reference,\nso dump doesn't have to take a reference of its own.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53140" }, { "cve":"CVE-2024-53145", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\num: Fix potential integer overflow during physmem setup\n\nThis issue happens when the real map size is greater than LONG_MAX,\nwhich can be easily triggered on UML/i386.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53145" }, { "cve":"CVE-2024-53201", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipeThis commit addresses a null pointer dereference issue indcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ( drm/amd/display:Add null check for pipe_ctx->plane_state in dcn20_program_pipe )partially fixed the null pointer dereference issue. However, indcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, andplane_state is accessed again through pipe_ctx. Multiple if statementsdirectly call attributes of plane_state, leading to potential nullpointer dereference issues. This patch adds necessary null checks toensure stability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53201" }, { "cve":"CVE-2024-53207", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible deadlocks\n\nThis fixes possible deadlocks like the following caused by\nhci_cmd_sync_dequeue causing the destroy function to run:\n\n INFO: task kworker/u19:0:143 blocked for more than 120 seconds.\n Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1\n \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000\n Workqueue: hci0 hci_cmd_sync_work [bluetooth]\n Call Trace:\n \n __schedule+0x374/0xaf0\n schedule+0x3c/0xf0\n schedule_preempt_disabled+0x1c/0x30\n __mutex_lock.constprop.0+0x3ef/0x7a0\n __mutex_lock_slowpath+0x13/0x20\n mutex_lock+0x3c/0x50\n mgmt_set_connectable_complete+0xa4/0x150 [bluetooth]\n ? kfree+0x211/0x2a0\n hci_cmd_sync_dequeue+0xae/0x130 [bluetooth]\n ? __pfx_cmd_complete_rsp+0x10/0x10 [bluetooth]\n cmd_complete_rsp+0x26/0x80 [bluetooth]\n mgmt_pending_foreach+0x4d/0x70 [bluetooth]\n __mgmt_power_off+0x8d/0x180 [bluetooth]\n ? _raw_spin_unlock_irq+0x23/0x40\n hci_dev_close_sync+0x445/0x5b0 [bluetooth]\n hci_set_powered_sync+0x149/0x250 [bluetooth]\n set_powered_sync+0x24/0x60 [bluetooth]\n hci_cmd_sync_work+0x90/0x150 [bluetooth]\n process_one_work+0x13e/0x300\n worker_thread+0x2f7/0x420\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x107/0x140\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x3d/0x60\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n ", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53207" }, { "cve":"CVE-2024-53209", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix receive ring space parameters when XDP is active\n\nThe MTU setting at the time an XDP multi-buffer is attached\ndetermines whether the aggregation ring will be used and the\nrx_skb_func handler. This is done in bnxt_set_rx_skb_mode().\n\nIf the MTU is later changed, the aggregation ring setting may need\nto be changed and it may become out-of-sync with the settings\ninitially done in bnxt_set_rx_skb_mode(). This may result in\nrandom memory corruption and crashes as the HW may DMA data larger\nthan the allocated buffer size, such as:\n\nBUG: kernel NULL pointer dereference, address: 00000000000003c0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 17 PID: 0 Comm: swapper/17 Kdump: loaded Tainted: G S OE 6.1.0-226bf9805506 #1\nHardware name: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 08/26/2021\nRIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en]\nCode: 8b 95 70 ff ff ff 4c 8b 9d 48 ff ff ff 66 41 89 87 b4 00 00 00 e9 0b f7 ff ff 0f b7 43 0a 49 8b 95 a8 04 00 00 25 ff 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f\nRSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202\nRAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 00000000000007ff\nRDX: 0000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380\nRBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf\nR10: 0000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980\nR13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990\nFS: 0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n __bnxt_poll_work+0x1c2/0x3e0 [bnxt_en]\n\nTo address the issue, we now call bnxt_set_rx_skb_mode() within\nbnxt_change_mtu() to properly set the AGG rings configuration and\nupdate rx_skb_func based on the new MTU value.\nAdditionally, BNXT_FLAG_NO_AGG_RINGS is cleared at the beginning of\nbnxt_set_rx_skb_mode() to make sure it gets set or cleared based on\nthe current MTU.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-53209" }, { "cve":"CVE-2024-53223", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nclk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs\n\nBase clocks are the first in being probed and are real dependencies of the\nrest of fixed, factor and peripheral clocks. For old ralink SoCs RT2880,\nRT305x and RT3883 'xtal' must be defined first since in any other case,\nwhen fixed clocks are probed they are delayed until 'xtal' is probed so the\nfollowing warning appears:\n\n WARNING: CPU: 0 PID: 0 at drivers/clk/ralink/clk-mtmips.c:499 rt3883_bus_recalc_rate+0x98/0x138\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.43 #0\n Stack : 805e58d0 00000000 00000004 8004f950 00000000 00000004 00000000 00000000\n 80669c54 80830000 80700000 805ae570 80670068 00000001 80669bf8 00000000\n 00000000 00000000 805ae570 80669b38 00000020 804db7dc 00000000 00000000\n 203a6d6d 80669b78 80669e48 70617773 00000000 805ae570 00000000 00000009\n 00000000 00000001 00000004 00000001 00000000 00000000 83fe43b0 00000000\n ...\n Call Trace:\n [<800065d0>] show_stack+0x64/0xf4\n [<804bca14>] dump_stack_lvl+0x38/0x60\n [<800218ac>] __warn+0x94/0xe4\n [<8002195c>] warn_slowpath_fmt+0x60/0x94\n [<80259ff8>] rt3883_bus_recalc_rate+0x98/0x138\n [<80254530>] __clk_register+0x568/0x688\n [<80254838>] of_clk_hw_register+0x18/0x2c\n [<8070b910>] rt2880_clk_of_clk_init_driver+0x18c/0x594\n [<8070b628>] of_clk_init+0x1c0/0x23c\n [<806fc448>] plat_time_init+0x58/0x18c\n [<806fdaf0>] time_init+0x10/0x6c\n [<806f9bc4>] start_kernel+0x458/0x67c\n\n ---[ end trace 0000000000000000 ]---\n\nWhen this driver was mainlined we could not find any active users of old\nralink SoCs so we cannot perform any real tests for them. Now, one user\nof a Belkin f9k1109 version 1 device which uses RT3883 SoC appeared and\nreported some issues in openWRT:\n- https://github.com/openwrt/openwrt/issues/16054\n\nThus, define a 'rt2880_xtal_recalc_rate()' just returning the expected\nfrequency 40Mhz and use it along the old ralink SoCs to have a correct\nboot trace with no warnings and a working clock plan from the beggining.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2024-53223" }, { "cve":"CVE-2024-53237", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix use-after-free in device_for_each_child()\n\nSyzbot has reported the following KASAN splat:\n\nBUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0\nRead of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980\n\nCPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x100/0x190\n ? device_for_each_child+0x18f/0x1a0\n print_report+0x13a/0x4cb\n ? __virt_addr_valid+0x5e/0x590\n ? __phys_addr+0xc6/0x150\n ? device_for_each_child+0x18f/0x1a0\n kasan_report+0xda/0x110\n ? device_for_each_child+0x18f/0x1a0\n ? __pfx_dev_memalloc_noio+0x10/0x10\n device_for_each_child+0x18f/0x1a0\n ? __pfx_device_for_each_child+0x10/0x10\n pm_runtime_set_memalloc_noio+0xf2/0x180\n netdev_unregister_kobject+0x1ed/0x270\n unregister_netdevice_many_notify+0x123c/0x1d80\n ? __mutex_trylock_common+0xde/0x250\n ? __pfx_unregister_netdevice_many_notify+0x10/0x10\n ? trace_contention_end+0xe6/0x140\n ? __mutex_lock+0x4e7/0x8f0\n ? __pfx_lock_acquire.part.0+0x10/0x10\n ? rcu_is_watching+0x12/0xc0\n ? unregister_netdev+0x12/0x30\n unregister_netdevice_queue+0x30d/0x3f0\n ? __pfx_unregister_netdevice_queue+0x10/0x10\n ? __pfx_down_write+0x10/0x10\n unregister_netdev+0x1c/0x30\n bnep_session+0x1fb3/0x2ab0\n ? __pfx_bnep_session+0x10/0x10\n ? __pfx_lock_release+0x10/0x10\n ? __pfx_woken_wake_function+0x10/0x10\n ? __kthread_parkme+0x132/0x200\n ? __pfx_bnep_session+0x10/0x10\n ? kthread+0x13a/0x370\n ? __pfx_bnep_session+0x10/0x10\n kthread+0x2b7/0x370\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x48/0x80\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 4974:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n __kmalloc_noprof+0x1d1/0x440\n hci_alloc_dev_priv+0x1d/0x2820\n __vhci_create_device+0xef/0x7d0\n vhci_write+0x2c7/0x480\n vfs_write+0x6a0/0xfc0\n ksys_write+0x12f/0x260\n do_syscall_64+0xc7/0x250\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 4979:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x4f/0x70\n kfree+0x141/0x490\n hci_release_dev+0x4d9/0x600\n bt_host_release+0x6a/0xb0\n device_release+0xa4/0x240\n kobject_put+0x1ec/0x5a0\n put_device+0x1f/0x30\n vhci_release+0x81/0xf0\n __fput+0x3f6/0xb30\n task_work_run+0x151/0x250\n do_exit+0xa79/0x2c30\n do_group_exit+0xd5/0x2a0\n get_signal+0x1fcd/0x2210\n arch_do_signal_or_restart+0x93/0x780\n syscall_exit_to_user_mode+0x140/0x290\n do_syscall_64+0xd4/0x250\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nIn 'hci_conn_del_sysfs()', 'device_unregister()' may be called when\nan underlying (kobject) reference counter is greater than 1. This\nmeans that reparenting (happened when the device is actually freed)\nis delayed and, during that delay, parent controller device (hciX)\nmay be deleted. Since the latter may create a dangling pointer to\nfreed parent, avoid that scenario by reparenting to NULL explicitly.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-53237" }, { "cve":"CVE-2024-54193", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal()\n\nMove pm_runtime_set_active() to ivpu_pm_init() so when\nivpu_ipc_send_receive_internal() is executed before ivpu_pm_enable()\nit already has correct runtime state, even if last resume was\nnot successful..", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-54193" }, { "cve":"CVE-2024-56557", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer\n\nThe AD7923 was updated to support devices with 8 channels, but the size\nof tx_buf and ring_xfer was not increased accordingly, leading to a\npotential buffer overflow in ad7923_update_scan_mode().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56557" }, { "cve":"CVE-2024-56567", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nad7780: fix division by zero in ad7780_write_raw()\n\nIn the ad7780_write_raw() , val2 can be zero, which might lead to a\ndivision by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw()\nis based on iio_info's write_raw. While val is explicitly declared that\ncan be zero (in read mode), val2 is not specified to be non-zero.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56567" }, { "cve":"CVE-2024-56590", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix not checking skb length on hci_acldata_packet\n\nThis fixes not checking if skb really contains an ACL header otherwise\nthe code may attempt to access some uninitilized/invalid memory past the\nvalid skb->data.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.4, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56590" }, { "cve":"CVE-2024-56614", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix OOB map writes when deleting elements\n\nJordy says:\n\n\"\nIn the xsk_map_delete_elem function an unsigned integer\n(map->max_entries) is compared with a user-controlled signed integer\n(k). Due to implicit type conversion, a large unsigned value for\nmap->max_entries can bypass the intended bounds check:\n\n\tif (k >= map->max_entries)\n\t\treturn -EINVAL;\n\nThis allows k to hold a negative value (between -2147483648 and -2),\nwhich is then used as an array index in m->xsk_map[k], which results\nin an out-of-bounds access.\n\n\tspin_lock_bh(&m->lock);\n\tmap_entry = &m->xsk_map[k]; // Out-of-bounds map_entry\n\told_xs = unrcu_pointer(xchg(map_entry, NULL)); // Oob write\n\tif (old_xs)\n\t\txsk_map_sock_delete(old_xs, map_entry);\n\tspin_unlock_bh(&m->lock);\n\nThe xchg operation can then be used to cause an out-of-bounds write.\nMoreover, the invalid map_entry passed to xsk_map_sock_delete can lead\nto further memory corruption.\n\"\n\nIt indeed results in following splat:\n\n[76612.897343] BUG: unable to handle page fault for address: ffffc8fc2e461108\n[76612.904330] #PF: supervisor write access in kernel mode\n[76612.909639] #PF: error_code(0x0002) - not-present page\n[76612.914855] PGD 0 P4D 0\n[76612.917431] Oops: Oops: 0002 [#1] PREEMPT SMP\n[76612.921859] CPU: 11 UID: 0 PID: 10318 Comm: a.out Not tainted 6.12.0-rc1+ #470\n[76612.929189] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[76612.939781] RIP: 0010:xsk_map_delete_elem+0x2d/0x60\n[76612.944738] Code: 00 00 41 54 55 53 48 63 2e 3b 6f 24 73 38 4c 8d a7 f8 00 00 00 48 89 fb 4c 89 e7 e8 2d bf 05 00 48 8d b4 eb 00 01 00 00 31 ff <48> 87 3e 48 85 ff 74 05 e8 16 ff ff ff 4c 89 e7 e8 3e bc 05 00 31\n[76612.963774] RSP: 0018:ffffc9002e407df8 EFLAGS: 00010246\n[76612.969079] RAX: 0000000000000000 RBX: ffffc9002e461000 RCX: 0000000000000000\n[76612.976323] RDX: 0000000000000001 RSI: ffffc8fc2e461108 RDI: 0000000000000000\n[76612.983569] RBP: ffffffff80000001 R08: 0000000000000000 R09: 0000000000000007\n[76612.990812] R10: ffffc9002e407e18 R11: ffff888108a38858 R12: ffffc9002e4610f8\n[76612.998060] R13: ffff888108a38858 R14: 00007ffd1ae0ac78 R15: ffffc9002e4610c0\n[76613.005303] FS: 00007f80b6f59740(0000) GS:ffff8897e0ec0000(0000) knlGS:0000000000000000\n[76613.013517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[76613.019349] CR2: ffffc8fc2e461108 CR3: 000000011e3ef001 CR4: 00000000007726f0\n[76613.026595] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[76613.033841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[76613.041086] PKRU: 55555554\n[76613.043842] Call Trace:\n[76613.046331] \n[76613.048468] ? __die+0x20/0x60\n[76613.051581] ? page_fault_oops+0x15a/0x450\n[76613.055747] ? search_extable+0x22/0x30\n[76613.059649] ? search_bpf_extables+0x5f/0x80\n[76613.063988] ? exc_page_fault+0xa9/0x140\n[76613.067975] ? asm_exc_page_fault+0x22/0x30\n[76613.072229] ? xsk_map_delete_elem+0x2d/0x60\n[76613.076573] ? xsk_map_delete_elem+0x23/0x60\n[76613.080914] __sys_bpf+0x19b7/0x23c0\n[76613.084555] __x64_sys_bpf+0x1a/0x20\n[76613.088194] do_syscall_64+0x37/0xb0\n[76613.091832] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[76613.096962] RIP: 0033:0x7f80b6d1e88d\n[76613.100592] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48\n[76613.119631] RSP: 002b:00007ffd1ae0ac68 EFLAGS: 00000206 ORIG_RAX: 0000000000000141\n[76613.131330] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80b6d1e88d\n[76613.142632] RDX: 0000000000000098 RSI: 00007ffd1ae0ad20 RDI: 0000000000000003\n[76613.153967] RBP: 00007ffd1ae0adc0 R08: 0000000000000000 R09: 0000000000000000\n[76613.166030] R10: 00007f80b6f77040 R11: 0000000000000206 R12: 00007ffd1ae0aed8\n[76613.177130] R13: 000055ddf42ce1e9 R14: 000055ddf42d0d98 R15: 00\n---truncated---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-56614" }, { "cve":"CVE-2024-56623", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix use after free on unload\n\nSystem crash is observed with stack trace warning of use after\nfree. There are 2 signals to tell dpc_thread to terminate (UNLOADING\nflag and kthread_stop).\n\nOn setting the UNLOADING flag when dpc_thread happens to run at the time\nand sees the flag, this causes dpc_thread to exit and clean up\nitself. When kthread_stop is called for final cleanup, this causes use\nafter free.\n\nRemove UNLOADING signal to terminate dpc_thread. Use the kthread_stop\nas the main signal to exit dpc_thread.\n\n[596663.812935] kernel BUG at mm/slub.c:294!\n[596663.812950] invalid opcode: 0000 [#1] SMP PTI\n[596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1\n[596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012\n[596663.812974] RIP: 0010:__slab_free+0x17d/0x360\n\n...\n[596663.813008] Call Trace:\n[596663.813022] ? __dentry_kill+0x121/0x170\n[596663.813030] ? _cond_resched+0x15/0x30\n[596663.813034] ? _cond_resched+0x15/0x30\n[596663.813039] ? wait_for_completion+0x35/0x190\n[596663.813048] ? try_to_wake_up+0x63/0x540\n[596663.813055] free_task+0x5a/0x60\n[596663.813061] kthread_stop+0xf3/0x100\n[596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56623" }, { "cve":"CVE-2024-56640", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-56640" }, { "cve":"CVE-2024-56641", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: initialize close_work early to avoid warning\n\nWe encountered a warning that close_work was canceled before\ninitialization.\n\n WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n Workqueue: events smc_lgr_terminate_work [smc]\n RIP: 0010:__flush_work+0x19e/0x1b0\n Call Trace:\n ? __wake_up_common+0x7a/0x190\n ? work_busy+0x80/0x80\n __cancel_work_timer+0xe3/0x160\n smc_close_cancel_work+0x1a/0x70 [smc]\n smc_close_active_abort+0x207/0x360 [smc]\n __smc_lgr_terminate.part.38+0xc8/0x180 [smc]\n process_one_work+0x19e/0x340\n worker_thread+0x30/0x370\n ? process_one_work+0x340/0x340\n kthread+0x117/0x130\n ? __kthread_cancel_work+0x50/0x50\n ret_from_fork+0x22/0x30\n\nThis is because when smc_close_cancel_work is triggered, e.g. the RDMA\ndriver is rmmod and the LGR is terminated, the conn->close_work is\nflushed before initialization, resulting in WARN_ON(!work->func).\n\n__smc_lgr_terminate | smc_connect_{rdma|ism}\n-------------------------------------------------------------\n | smc_conn_create\n\t\t\t\t| \\- smc_lgr_register_conn\nfor conn in lgr->conns_all |\n\\- smc_conn_kill |\n \\- smc_close_active_abort |\n \\- smc_close_cancel_work |\n \\- cancel_work_sync |\n \\- __flush_work |\n\t (close_work) |\n\t | smc_close_init\n\t | \\- INIT_WORK(&close_work)\n\nSo fix this by initializing close_work before establishing the\nconnection.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56641" }, { "cve":"CVE-2024-56653", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btmtk: avoid UAF in btmtk_process_coredump\n\nhci_devcd_append may lead to the release of the skb, so it cannot be\naccessed once it is called.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in btmtk_process_coredump+0x2a7/0x2d0 [btmtk]\nRead of size 4 at addr ffff888033cfabb0 by task kworker/0:3/82\n\nCPU: 0 PID: 82 Comm: kworker/0:3 Tainted: G U 6.6.40-lockdep-03464-g1d8b4eb3060e #1 b0b3c1cc0c842735643fb411799d97921d1f688c\nHardware name: Google Yaviks_Ufs/Yaviks_Ufs, BIOS Google_Yaviks_Ufs.15217.552.0 05/07/2024\nWorkqueue: events btusb_rx_work [btusb]\nCall Trace:\n \n dump_stack_lvl+0xfd/0x150\n print_report+0x131/0x780\n kasan_report+0x177/0x1c0\n btmtk_process_coredump+0x2a7/0x2d0 [btmtk 03edd567dd71a65958807c95a65db31d433e1d01]\n btusb_recv_acl_mtk+0x11c/0x1a0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec]\n btusb_rx_work+0x9e/0xe0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec]\n worker_thread+0xe44/0x2cc0\n kthread+0x2ff/0x3a0\n ret_from_fork+0x51/0x80\n ret_from_fork_asm+0x1b/0x30\n \n\nAllocated by task 82:\n stack_trace_save+0xdc/0x190\n kasan_set_track+0x4e/0x80\n __kasan_slab_alloc+0x4e/0x60\n kmem_cache_alloc+0x19f/0x360\n skb_clone+0x132/0xf70\n btusb_recv_acl_mtk+0x104/0x1a0 [btusb]\n btusb_rx_work+0x9e/0xe0 [btusb]\n worker_thread+0xe44/0x2cc0\n kthread+0x2ff/0x3a0\n ret_from_fork+0x51/0x80\n ret_from_fork_asm+0x1b/0x30\n\nFreed by task 1733:\n stack_trace_save+0xdc/0x190\n kasan_set_track+0x4e/0x80\n kasan_save_free_info+0x28/0xb0\n ____kasan_slab_free+0xfd/0x170\n kmem_cache_free+0x183/0x3f0\n hci_devcd_rx+0x91a/0x2060 [bluetooth]\n worker_thread+0xe44/0x2cc0\n kthread+0x2ff/0x3a0\n ret_from_fork+0x51/0x80\n ret_from_fork_asm+0x1b/0x30\n\nThe buggy address belongs to the object at ffff888033cfab40\n which belongs to the cache skbuff_head_cache of size 232\nThe buggy address is located 112 bytes inside of\n freed 232-byte region [ffff888033cfab40, ffff888033cfac28)\n\nThe buggy address belongs to the physical page:\npage:00000000a174ba93 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33cfa\nhead:00000000a174ba93 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nanon flags: 0x4000000000000840(slab|head|zone=1)\npage_type: 0xffffffff()\nraw: 4000000000000840 ffff888100848a00 0000000000000000 0000000000000001\nraw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888033cfaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc\n ffff888033cfab00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb\n>ffff888033cfab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888033cfac00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc\n ffff888033cfac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================\n\nCheck if we need to call hci_devcd_complete before calling\nhci_devcd_append. That requires that we check data->cd_info.cnt >=\nMTK_COREDUMP_NUM instead of data->cd_info.cnt > MTK_COREDUMP_NUM, as we\nincrement data->cd_info.cnt only once the call to hci_devcd_append\nsucceeds.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-56653" }, { "cve":"CVE-2024-56677", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()\n\nDuring early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE,\nsince pageblock_order is still zero and it gets initialized\nlater during initmem_init() e.g.\nsetup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order()\n\nOne such use case where this causes issue is -\nearly_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init()\n\nThis causes CMA memory alignment check to be bypassed in\ncma_init_reserved_mem(). Then later cma_activate_area() can hit\na VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) if the reserved memory\narea was not pageblock_order aligned.\n\nFix it by moving the fadump_cma_init() after initmem_init(),\nwhere other such cma reservations also gets called.\n\n\n==============\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010\nflags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff) CMA\nraw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000\nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))\n------------[ cut here ]------------\nkernel BUG at mm/page_alloc.c:778!\n\nCall Trace:\n__free_one_page+0x57c/0x7b0 (unreliable)\nfree_pcppages_bulk+0x1a8/0x2c8\nfree_unref_page_commit+0x3d4/0x4e4\nfree_unref_page+0x458/0x6d0\ninit_cma_reserved_pageblock+0x114/0x198\ncma_init_reserved_areas+0x270/0x3e0\ndo_one_initcall+0x80/0x2f8\nkernel_init_freeable+0x33c/0x530\nkernel_init+0x34/0x26c\nret_from_kernel_user_thread+0x14/0x1c", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.9, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2024-56677" }, { "cve":"CVE-2024-56687", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: Fix hardware lockup on first Rx endpoint request\n\nThere is a possibility that a request's callback could be invoked from\nusb_ep_queue() (call trace below, supplemented with missing calls):\n\nreq->complete from usb_gadget_giveback_request\n\t(drivers/usb/gadget/udc/core.c:999)\nusb_gadget_giveback_request from musb_g_giveback\n\t(drivers/usb/musb/musb_gadget.c:147)\nmusb_g_giveback from rxstate\n\t(drivers/usb/musb/musb_gadget.c:784)\nrxstate from musb_ep_restart\n\t(drivers/usb/musb/musb_gadget.c:1169)\nmusb_ep_restart from musb_ep_restart_resume_work\n\t(drivers/usb/musb/musb_gadget.c:1176)\nmusb_ep_restart_resume_work from musb_queue_resume_work\n\t(drivers/usb/musb/musb_core.c:2279)\nmusb_queue_resume_work from musb_gadget_queue\n\t(drivers/usb/musb/musb_gadget.c:1241)\nmusb_gadget_queue from usb_ep_queue\n\t(drivers/usb/gadget/udc/core.c:300)\n\nAccording to the docstring of usb_ep_queue(), this should not happen:\n\n\"Note that @req's ->complete() callback must never be called from within\nusb_ep_queue() as that can create deadlock situations.\"\n\nIn fact, a hardware lockup might occur in the following sequence:\n\n1. The gadget is initialized using musb_gadget_enable().\n2. Meanwhile, a packet arrives, and the RXPKTRDY flag is set, raising an\n interrupt.\n3. If IRQs are enabled, the interrupt is handled, but musb_g_rx() finds an\n empty queue (next_request() returns NULL). The interrupt flag has\n already been cleared by the glue layer handler, but the RXPKTRDY flag\n remains set.\n4. The first request is enqueued using usb_ep_queue(), leading to the call\n of req->complete(), as shown in the call trace above.\n5. If the callback enables IRQs and another packet is waiting, step (3)\n repeats. The request queue is empty because usb_g_giveback() removes the\n request before invoking the callback.\n6. The endpoint remains locked up, as the interrupt triggered by hardware\n setting the RXPKTRDY flag has been handled, but the flag itself remains\n set.\n\nFor this scenario to occur, it is only necessary for IRQs to be enabled at\nsome point during the complete callback. This happens with the USB Ethernet\ngadget, whose rx_complete() callback calls netif_rx(). If called in the\ntask context, netif_rx() disables the bottom halves (BHs). When the BHs are\nre-enabled, IRQs are also enabled to allow soft IRQs to be processed. The\ngadget itself is initialized at module load (or at boot if built-in), but\nthe first request is enqueued when the network interface is brought up,\ntriggering rx_complete() in the task context via ioctl(). If a packet\narrives while the interface is down, it can prevent the interface from\nreceiving any further packets from the USB host.\n\nThe situation is quite complicated with many parties involved. This\nparticular issue can be resolved in several possible ways:\n\n1. Ensure that callbacks never enable IRQs. This would be difficult to\n enforce, as discovering how netif_rx() interacts with interrupts was\n already quite challenging and u_ether is not the only function driver.\n Similar \"bugs\" could be hidden in other drivers as well.\n2. Disable MUSB interrupts in musb_g_giveback() before calling the callback\n and re-enable them afterwars (by calling musb_{dis,en}able_interrupts(),\n for example). This would ensure that MUSB interrupts are not handled\n during the callback, even if IRQs are enabled. In fact, it would allow\n IRQs to be enabled when releasing the lock. However, this feels like an\n inelegant hack.\n3. Modify the interrupt handler to clear the RXPKTRDY flag if the request\n queue is empty. While this approach also feels like a hack, it wastes\n CPU time by attempting to handle incoming packets when the software is\n not ready to process them.\n4. Flush the Rx FIFO instead of calling rxstate() in musb_ep_restart().\n This ensures that the hardware can receive packets when there is at\n least one request in the queue. Once I\n---truncated---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56687" }, { "cve":"CVE-2024-56688", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport\n\nSince transport->sock has been set to NULL during reset transport,\nXPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the\nxs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request()\nto dereference the transport->sock that has been set to NULL.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56688" }, { "cve":"CVE-2024-56701", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix dtl_access_lock to be a rw_semaphore\n\nThe dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because\nthe code calls kmalloc() while holding it, which can sleep:\n\n # echo 1 > /proc/powerpc/vcpudispatch_stats\n BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh\n preempt_count: 1, expected: 0\n 3 locks held by sh/199:\n #0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438\n #1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4\n #2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4\n CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152\n Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries\n Call Trace:\n dump_stack_lvl+0x130/0x148 (unreliable)\n __might_resched+0x174/0x410\n kmem_cache_alloc_noprof+0x340/0x3d0\n alloc_dtl_buffers+0x124/0x1ac\n vcpudispatch_stats_write+0x2a8/0x5f4\n proc_reg_write+0xf4/0x150\n vfs_write+0xfc/0x438\n ksys_write+0x88/0x148\n system_call_exception+0x1c4/0x5a0\n system_call_common+0xf4/0x258", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56701" }, { "cve":"CVE-2024-56718", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev->next should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56718" }, { "cve":"CVE-2024-56729", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Initialize cfid->tcon before performing network ops\n\nAvoid leaking a tcon ref when a lease break races with opening the\ncached directory. Processing the leak break might take a reference to\nthe tcon in cached_dir_lease_break() and then fail to release the ref in\ncached_dir_offload_close, since cfid->tcon is still NULL.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.7, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56729" }, { "cve":"CVE-2024-56758", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice..", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56758" }, { "cve":"CVE-2024-56769", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg\n\nSyzbot reports [1] an uninitialized value issue found by KMSAN in\ndib3000_read_reg().\n\nLocal u8 rb[2] is used in i2c_transfer() as a read buffer; in case\nthat call fails, the buffer may end up with some undefined values.\n\nSince no elaborate error handling is expected in dib3000_write_reg(),\nsimply zero out rb buffer to mitigate the problem.\n\n[1] Syzkaller report\ndvb-usb: bulk message failed: -22 (6/0)\n=====================================================\nBUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758\n dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758\n dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31\n dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290\n dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline]\n dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline]\n dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310\n dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110\n...\nLocal variable rb created at:\n dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54\n dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758\n...", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56769" }, { "cve":"CVE-2024-56779", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur\n\nThe action force umount(umount -f) will attempt to kill all rpc_task even\numount operation may ultimately fail if some files remain open.\nConsequently, if an action attempts to open a file, it can potentially\nsend two rpc_task to nfs server.\n\n NFS CLIENT\nthread1 thread2\nopen(\"file\")\n...\nnfs4_do_open\n _nfs4_do_open\n _nfs4_open_and_get_state\n _nfs4_proc_open\n nfs4_run_open_task\n /* rpc_task1 */\n rpc_run_task\n rpc_wait_for_completion_task\n\n umount -f\n nfs_umount_begin\n rpc_killall_tasks\n rpc_signal_task\n rpc_task1 been wakeup\n and return -512\n _nfs4_do_open // while loop\n ...\n nfs4_run_open_task\n /* rpc_task2 */\n rpc_run_task\n rpc_wait_for_completion_task\n\nWhile processing an open request, nfsd will first attempt to find or\nallocate an nfs4_openowner. If it finds an nfs4_openowner that is not\nmarked as NFS4_OO_CONFIRMED, this nfs4_openowner will released. Since\ntwo rpc_task can attempt to open the same file simultaneously from the\nclient to server, and because two instances of nfsd can run\nconcurrently, this situation can lead to lots of memory leak.\nAdditionally, when we echo 0 to /proc/fs/nfsd/threads, warning will be\ntriggered.\n\n NFS SERVER\nnfsd1 nfsd2 echo 0 > /proc/fs/nfsd/threads\n\nnfsd4_open\n nfsd4_process_open1\n find_or_alloc_open_stateowner\n // alloc oo1, stateid1\n nfsd4_open\n nfsd4_process_open1\n find_or_alloc_open_stateowner\n // find oo1, without NFS4_OO_CONFIRMED\n release_openowner\n unhash_openowner_locked\n list_del_init(&oo->oo_perclient)\n // cannot find this oo\n // from client, LEAK!!!\n alloc_stateowner // alloc oo2\n\n nfsd4_process_open2\n init_open_stateid\n // associate oo1\n // with stateid1, stateid1 LEAK!!!\n nfs4_get_vfs_file\n // alloc nfsd_file1 and nfsd_file_mark1\n // all LEAK!!!\n\n nfsd4_process_open2\n ...\n\n write_threads\n ...\n nfsd_destroy_serv\n nfsd_shutdown_net\n nfs4_state_shutdown_net\n nfs4_state_destroy_net\n destroy_client\n __destroy_client\n // won't find oo1!!!\n nfsd_shutdown_generic\n nfsd_file_cache_shutdown\n kmem_cache_destroy\n for nfsd_file_slab\n and nfsd_file_mark_slab\n // bark since nfsd_file1\n // and nfsd_file_mark1\n // still alive\n\n=======================================================================\nBUG nfsd_file (Not tainted): Objects remaining in nfsd_file on\n__kmem_cache_shutdown()\n-----------------------------------------------------------------------\n\nSlab 0xffd4000004438a80 objects=34 used=1 fp=0xff11000110e2ad28\nflags=0x17ffffc0000240(workingset|head|node=0|zone=2|lastcpupid=0x1fffff)\nCPU: 4 UID: 0 PID: 757 Comm: sh Not tainted 6.12.0-rc6+ #19\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nCall Trace:\n \n dum\n---truncated---", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56779" }, { "cve":"CVE-2024-57809", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: imx6: Fix suspend/resume support on i.MX6QDL\n\nThe suspend/resume functionality is currently broken on the i.MX6QDL\nplatform, as documented in the NXP errata (ERR005723):\n\n https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf\n\nThis patch addresses the issue by sharing most of the suspend/resume\nsequences used by other i.MX devices, while avoiding modifications to\ncritical registers that disrupt the PCIe functionality. It targets the\nsame problem as the following downstream commit:\n\n https://github.com/nxp-imx/linux-imx/commit/4e92355e1f79d225ea842511fcfd42b343b32995\n\nUnlike the downstream commit, this patch also resets the connected PCIe\ndevice if possible. Without this reset, certain drivers, such as ath10k\nor iwlwifi, will crash on resume. The device reset is also done by the\ndriver on other i.MX platforms, making this patch consistent with\nexisting practices.\n\nUpon resuming, the kernel will hang and display an error. Here's an\nexample of the error encountered with the ath10k driver:\n\n ath10k_pci 0000:01:00.0: Unable to change power state from D3hot to D0, device inaccessible\n Unhandled fault: imprecise external abort (0x1406) at 0x0106f944\n\nWithout this patch, suspend/resume will fail on i.MX6QDL devices if a\nPCIe device is connected.\n\n[kwilczynski: commit log, added tag for stable releases]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-57809" }, { "cve":"CVE-2024-57874", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\narm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL\n\nCurrently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl'\nvariable, and a SETREGSET call with a length of zero will leave this\nuninitialized. Consequently tagged_addr_ctrl_set() will consume an\narbitrary value, potentially leaking up to 64 bits of memory from the\nkernel stack. The read is limited to a specific slot on the stack, and\nthe issue does not provide a write mechanism.\n\nAs set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and\nrejects other values, a partial SETREGSET attempt will randomly succeed\nor fail depending on the value of the uninitialized value, and the\nexposure is significantly limited.\n\nFix this by initializing the temporary value before copying the regset\nfrom userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG,\nNT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing\nvalue of the tagged address ctrl will be retained.\n\nThe NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the\nuser_aarch64_view used by a native AArch64 task to manipulate another\nnative AArch64 task. As get_tagged_addr_ctrl() only returns an error\nvalue when called for a compat task, tagged_addr_ctrl_get() and\ntagged_addr_ctrl_set() should never observe an error value from\nget_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that\nsuch an error would be unexpected, and error handlnig is not missing in\neither case.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-57874" }, { "cve":"CVE-2024-57892", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix slab-use-after-free due to dangling pointer dqi_priv\n\nWhen mounting ocfs2 and then remounting it as read-only, a\nslab-use-after-free occurs after the user uses a syscall to\nquota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the\ndangling pointer.\n\nDuring the remounting process, the pointer dqi_priv is freed but is never\nset as null leaving it to be accessed. Additionally, the read-only option\nfor remounting sets the DQUOT_SUSPENDED flag instead of setting the\nDQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the\nnext quota, the function ocfs2_get_next_id is called and only checks the\nquota usage flags and not the quota suspended flags.\n\nTo fix this, I set dqi_priv to null when it is freed after remounting with\nread-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id.\n\n[akpm@linux-foundation.org: coding-style cleanups]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-57892" }, { "cve":"CVE-2024-57906", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ti-ads8688: fix information leak in triggered buffer\n\nThe 'buffer' local array is used to push data to user space from a\ntriggered buffer, but it does not set values for inactive channels, as\nit only uses iio_for_each_active_channel() to assign new values.\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-57906" }, { "cve":"CVE-2024-57910", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: vcnl4035: fix information leak in triggered buffer\n\nThe 'buffer' local array is used to push data to userspace from a\ntriggered buffer, but it does not set an initial value for the single\ndata element, which is an u16 aligned to 8 bytes. That leaves at least\n4 bytes uninitialized even after writing an integer value with\nregmap_read().\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-57910" }, { "cve":"CVE-2024-57917", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntopology: Keep the cpumask unchanged when printing cpumap\n\nDuring fuzz testing, the following warning was discovered:\n\n different return values (15 and 11) from vsnprintf(\"%*pbl\n \", ...)\n\n test:keyward is WARNING in kvasprintf\n WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130\n Call Trace:\n kvasprintf+0x121/0x130\n kasprintf+0xa6/0xe0\n bitmap_print_to_buf+0x89/0x100\n core_siblings_list_read+0x7e/0xb0\n kernfs_file_read_iter+0x15b/0x270\n new_sync_read+0x153/0x260\n vfs_read+0x215/0x290\n ksys_read+0xb9/0x160\n do_syscall_64+0x56/0x100\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nThe call trace shows that kvasprintf() reported this warning during the\nprinting of core_siblings_list. kvasprintf() has several steps:\n\n (1) First, calculate the length of the resulting formatted string.\n\n (2) Allocate a buffer based on the returned length.\n\n (3) Then, perform the actual string formatting.\n\n (4) Check whether the lengths of the formatted strings returned in\n steps (1) and (2) are consistent.\n\nIf the core_cpumask is modified between steps (1) and (3), the lengths\nobtained in these two steps may not match. Indeed our test includes cpu\nhotplugging, which should modify core_cpumask while printing.\n\nTo fix this issue, cache the cpumask into a temporary variable before\ncalling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged\nduring the printing process.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-57917" }, { "cve":"CVE-2024-57922", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add check for granularity in dml ceil/floor helpers\n\n[Why]\nWrapper functions for dcn_bw_ceil2() and dcn_bw_floor2()\nshould check for granularity is non zero to avoid assert and\ndivide-by-zero error in dcn_bw_ functions.\n\n[How]\nAdd check for granularity 0.\n\n(cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-57922" }, { "cve":"CVE-2024-57926", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err\n\nThe pointer need to be set to NULL, otherwise KASAN complains about\nuse-after-free. Because in mtk_drm_bind, all private's drm are set\nas follows.\n\nprivate->all_drm_private[i]->drm = drm;\n\nAnd drm will be released by drm_dev_put in case mtk_drm_kms_init returns\nfailure. However, the shutdown path still accesses the previous allocated\nmemory in drm_atomic_helper_shutdown.\n\n[ 84.874820] watchdog: watchdog0: watchdog did not stop!\n[ 86.512054] ==================================================================\n[ 86.513162] BUG: KASAN: use-after-free in drm_atomic_helper_shutdown+0x33c/0x378\n[ 86.514258] Read of size 8 at addr ffff0000d46fc068 by task shutdown/1\n[ 86.515213]\n[ 86.515455] CPU: 1 UID: 0 PID: 1 Comm: shutdown Not tainted 6.13.0-rc1-mtk+gfa1a78e5d24b-dirty #55\n[ 86.516752] Hardware name: Unknown Product/Unknown Product, BIOS 2022.10 10/01/2022\n[ 86.517960] Call trace:\n[ 86.518333] show_stack+0x20/0x38 (C)\n[ 86.518891] dump_stack_lvl+0x90/0xd0\n[ 86.519443] print_report+0xf8/0x5b0\n[ 86.519985] kasan_report+0xb4/0x100\n[ 86.520526] __asan_report_load8_noabort+0x20/0x30\n[ 86.521240] drm_atomic_helper_shutdown+0x33c/0x378\n[ 86.521966] mtk_drm_shutdown+0x54/0x80\n[ 86.522546] platform_shutdown+0x64/0x90\n[ 86.523137] device_shutdown+0x260/0x5b8\n[ 86.523728] kernel_restart+0x78/0xf0\n[ 86.524282] __do_sys_reboot+0x258/0x2f0\n[ 86.524871] __arm64_sys_reboot+0x90/0xd8\n[ 86.525473] invoke_syscall+0x74/0x268\n[ 86.526041] el0_svc_common.constprop.0+0xb0/0x240\n[ 86.526751] do_el0_svc+0x4c/0x70\n[ 86.527251] el0_svc+0x4c/0xc0\n[ 86.527719] el0t_64_sync_handler+0x144/0x168\n[ 86.528367] el0t_64_sync+0x198/0x1a0\n[ 86.528920]\n[ 86.529157] The buggy address belongs to the physical page:\n[ 86.529972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d46fd4d0 pfn:0x1146fc\n[ 86.531319] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff)\n[ 86.532267] raw: 0bfffc0000000000 0000000000000000 dead000000000122 0000000000000000\n[ 86.533390] raw: ffff0000d46fd4d0 0000000000000000 00000000ffffffff 0000000000000000\n[ 86.534511] page dumped because: kasan: bad access detected\n[ 86.535323]\n[ 86.535559] Memory state around the buggy address:\n[ 86.536265] ffff0000d46fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.537314] ffff0000d46fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.538363] >ffff0000d46fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.544733] ^\n[ 86.551057] ffff0000d46fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.557510] ffff0000d46fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[ 86.563928] ==================================================================\n[ 86.571093] Disabling lock debugging due to kernel taint\n[ 86.577642] Unable to handle kernel paging request at virtual address e0e9c0920000000b\n[ 86.581834] KASAN: maybe wild-memory-access in range [0x0752049000000058-0x075204900000005f]\n...", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-57926" }, { "cve":"CVE-2025-21632", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Ensure shadow stack is active before \"getting\" registers\n\nThe x86 shadow stack support has its own set of registers. Those registers\nare XSAVE-managed, but they are \"supervisor state components\" which means\nthat userspace can not touch them with XSAVE/XRSTOR. It also means that\nthey are not accessible from the existing ptrace ABI for XSAVE state.\nThus, there is a new ptrace get/set interface for it.\n\nThe regset code that ptrace uses provides an ->active() handler in\naddition to the get/set ones. For shadow stack this ->active() handler\nverifies that shadow stack is enabled via the ARCH_SHSTK_SHSTK bit in the\nthread struct. The ->active() handler is checked from some call sites of\nthe regset get/set handlers, but not the ptrace ones. This was not\nunderstood when shadow stack support was put in place.\n\nAs a result, both the set/get handlers can be called with\nXFEATURE_CET_USER in its init state, which would cause get_xsave_addr() to\nreturn NULL and trigger a WARN_ON(). The ssp_set() handler luckily has an\nssp_active() check to avoid surprising the kernel with shadow stack\nbehavior when the kernel is not ready for it (ARCH_SHSTK_SHSTK==0). That\ncheck just happened to avoid the warning.\n\nBut the ->get() side wasn't so lucky. It can be called with shadow stacks\ndisabled, triggering the warning in practice, as reported by Christina\nSchimpe:\n\nWARNING: CPU: 5 PID: 1773 at arch/x86/kernel/fpu/regset.c:198 ssp_get+0x89/0xa0\n[...]\nCall Trace:\n\n? show_regs+0x6e/0x80\n? ssp_get+0x89/0xa0\n? __warn+0x91/0x150\n? ssp_get+0x89/0xa0\n? report_bug+0x19d/0x1b0\n? handle_bug+0x46/0x80\n? exc_invalid_op+0x1d/0x80\n? asm_exc_invalid_op+0x1f/0x30\n? __pfx_ssp_get+0x10/0x10\n? ssp_get+0x89/0xa0\n? ssp_get+0x52/0xa0\n__regset_get+0xad/0xf0\ncopy_regset_to_user+0x52/0xc0\nptrace_regset+0x119/0x140\nptrace_request+0x13c/0x850\n? wait_task_inactive+0x142/0x1d0\n? do_syscall_64+0x6d/0x90\narch_ptrace+0x102/0x300\n[...]\n\nEnsure that shadow stacks are active in a thread before looking them up\nin the XSAVE buffer. Since ARCH_SHSTK_SHSTK and user_ssp[SHSTK_EN] are\nset at the same time, the active check ensures that there will be\nsomething to find in the XSAVE buffer.\n\n[ dhansen: changelog/subject tweaks ]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-21632" }, { "cve":"CVE-2025-21658", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid NULL pointer dereference if no valid extent tree\n\n[BUG]\nSyzbot reported a crash with the following call trace:\n\n BTRFS info (device loop0): scrub: started on devid 1\n BUG: kernel NULL pointer dereference, address: 0000000000000208\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 UID: 0 PID: 689 Comm: repro Kdump: loaded Tainted: G O 6.13.0-rc4-custom+ #206\n Tainted: [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n RIP: 0010:find_first_extent_item+0x26/0x1f0 [btrfs]\n Call Trace:\n \n scrub_find_fill_first_stripe+0x13d/0x3b0 [btrfs]\n scrub_simple_mirror+0x175/0x260 [btrfs]\n scrub_stripe+0x5d4/0x6c0 [btrfs]\n scrub_chunk+0xbb/0x170 [btrfs]\n scrub_enumerate_chunks+0x2f4/0x5f0 [btrfs]\n btrfs_scrub_dev+0x240/0x600 [btrfs]\n btrfs_ioctl+0x1dc8/0x2fa0 [btrfs]\n ? do_sys_openat2+0xa5/0xf0\n __x64_sys_ioctl+0x97/0xc0\n do_syscall_64+0x4f/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \n\n[CAUSE]\nThe reproducer is using a corrupted image where extent tree root is\ncorrupted, thus forcing to use \"rescue=all,ro\" mount option to mount the\nimage.\n\nThen it triggered a scrub, but since scrub relies on extent tree to find\nwhere the data/metadata extents are, scrub_find_fill_first_stripe()\nrelies on an non-empty extent root.\n\nBut unfortunately scrub_find_fill_first_stripe() doesn't really expect\nan NULL pointer for extent root, it use extent_root to grab fs_info and\ntriggered a NULL pointer dereference.\n\n[FIX]\nAdd an extra check for a valid extent root at the beginning of\nscrub_find_fill_first_stripe().\n\nThe new error path is introduced by 42437a6386ff (\"btrfs: introduce\nmount option rescue=ignorebadroots\"), but that's pretty old, and later\ncommit b979547513ff (\"btrfs: scrub: introduce helper to find and fill\nsector info for a scrub_stripe\") changed how we do scrub.\n\nSo for kernels older than 6.6, the fix will need manual backport.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-21658" }, { "cve":"CVE-2025-21670", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/bpf: return early if transport is not assigned\n\nSome of the core functions can only be called if the transport\nhas been assigned.\n\nAs Michal reported, a socket might have the transport at NULL,\nfor example after a failed connect(), causing the following trace:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000a0\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 12faf8067 P4D 12faf8067 PUD 113670067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 15 UID: 0 PID: 1198 Comm: a.out Not tainted 6.13.0-rc2+\n RIP: 0010:vsock_connectible_has_data+0x1f/0x40\n Call Trace:\n vsock_bpf_recvmsg+0xca/0x5e0\n sock_recvmsg+0xb9/0xc0\n __sys_recvfrom+0xb3/0x130\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nSo we need to check the `vsk->transport` in vsock_bpf_recvmsg(),\nespecially for connected sockets (stream/seqpacket) as we already\ndo in __vsock_connectible_recvmsg().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1093" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:bpftool-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:bpftool-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-debugsource-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-headers-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-source-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-tools-devel-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:python3-perf-debuginfo-6.6.0-76.0.0.80.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:kernel-6.6.0-76.0.0.80.oe2403sp1.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-21670" } ] }