{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"kernel security update", "category":"general", "title":"Synopsis" }, { "text":"An update for kernel is now available for openEuler-20.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Shift tested values in snd_soc_put_volsw() by +min\n\nWhile the $val/$val2 values passed in from userspace are always >= 0\nintegers, the limits of the control can be signed integers and the $min\ncan be non-zero and less than zero. To correctly validate $val/$val2\nagainst platform_max, add the $min offset to val first.(CVE-2022-48917)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=\n SND.NXT). All incoming segments whose ACK value doesn't satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK < SND.UNA wouldn't be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) <= SEG.ACK <= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the 'blamed' patch was adhering to the RFC.\n\ntp->bytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 < S 0:0(0) win 65535 \n+0 > S. 0:0(0) ack 1 <...>\n+0 < . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 < . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 > . 1:1(0) ack 1001(CVE-2023-52881)\n\nA race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.\n\n\n\n\n(CVE-2024-24857)\n\nA race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.\n\n\n\n\n\n\n\n(CVE-2024-24859)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc//cpuset repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/ repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc//cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n(\"cgroup: Make operations on the cgroup root_list RCU safe\"),\ncss->cgroup won't be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd(CVE-2024-43853)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n >ffffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.(CVE-2024-50279)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Fix slab-use-after-free read in sg_release()\n\nFix a use-after-free bug in sg_release(), detected by syzbot with KASAN:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30\nkernel/locking/lockdep.c:5838\n__mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912\nsg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407\n\nIn sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is\ncalled before releasing the open_rel_lock mutex. The kref_put() call may\ndecrement the reference count of sfp to zero, triggering its cleanup\nthrough sg_remove_sfp(). This cleanup includes scheduling deferred work\nvia sg_remove_sfp_usercontext(), which ultimately frees sfp.\n\nAfter kref_put(), sg_release() continues to unlock open_rel_lock and may\nreference sfp or sdp. If sfp has already been freed, this results in a\nslab-use-after-free error.\n\nMove the kref_put(&sfp->f_ref, sg_remove_sfp) call after unlocking the\nopen_rel_lock mutex. This ensures:\n\n - No references to sfp or sdp occur after the reference count is\n decremented.\n\n - Cleanup functions such as sg_remove_sfp() and\n sg_remove_sfp_usercontext() can safely execute without impacting the\n mutex handling in sg_release().\n\nThe fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures proper\nsequencing of resource cleanup and mutex operations, eliminating the\nrisk of use-after-free errors in sg_release().(CVE-2024-56631)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst->out = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst->dev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.(CVE-2024-56647)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport\n\nSince transport->sock has been set to NULL during reset transport,\nXPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the\nxs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request()\nto dereference the transport->sock that has been set to NULL.(CVE-2024-56688)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY\n\nSince commit 8f4f68e788c3 (\"crypto: pcrypt - Fix hungtask for\nPADATA_RESET\"), the pcrypt encryption and decryption operations return\n-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is\ngenerated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns\n-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.\nFix this issue by calling crypto layer directly without parallelization\nin that case.(CVE-2024-56690)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix slab-use-after-free due to dangling pointer dqi_priv\n\nWhen mounting ocfs2 and then remounting it as read-only, a\nslab-use-after-free occurs after the user uses a syscall to\nquota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the\ndangling pointer.\n\nDuring the remounting process, the pointer dqi_priv is freed but is never\nset as null leaving it to be accessed. Additionally, the read-only option\nfor remounting sets the DQUOT_SUSPENDED flag instead of setting the\nDQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the\nnext quota, the function ocfs2_get_next_id is called and only checks the\nquota usage flags and not the quota suspended flags.\n\nTo fix this, I set dqi_priv to null when it is freed after remounting with\nread-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id.\n\n[akpm@linux-foundation.org: coding-style cleanups](CVE-2024-57892)", "category":"general", "title":"Description" }, { "text":"An update for kernel is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"kernel", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1094", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" }, { "summary":"CVE-2022-48917", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48917&packageName=kernel" }, { "summary":"CVE-2023-52881", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52881&packageName=kernel" }, { "summary":"CVE-2024-24857", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-24857&packageName=kernel" }, { "summary":"CVE-2024-24859", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-24859&packageName=kernel" }, { "summary":"CVE-2024-43853", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-43853&packageName=kernel" }, { "summary":"CVE-2024-50279", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-50279&packageName=kernel" }, { "summary":"CVE-2024-56631", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56631&packageName=kernel" }, { "summary":"CVE-2024-56647", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56647&packageName=kernel" }, { "summary":"CVE-2024-56688", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56688&packageName=kernel" }, { "summary":"CVE-2024-56690", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-56690&packageName=kernel" }, { "summary":"CVE-2024-57892", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-57892&packageName=kernel" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48917" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52881" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24857" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24859" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43853" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50279" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56631" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56647" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56688" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56690" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57892" }, { "summary":"openEuler-SA-2025-1094 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1094.json" } ], "title":"An update for kernel is now available for openEuler-20.03-LTS-SP4", "tracking":{ "initial_release_date":"2025-02-08T20:33:46+08:00", "revision_history":[ { "date":"2025-02-08T20:33:46+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-02-08T20:33:46+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-02-08T20:33:46+08:00", "id":"openEuler-SA-2025-1094", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "name":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm" }, "name":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "name":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm" }, "name":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.src.rpm", "name":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.src.rpm" }, "name":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "name":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "name":"python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src", "name":"kernel-4.19.90-2502.1.0.0314.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2022-48917", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: ops: Shift tested values in snd_soc_put_volsw() by +min\n\nWhile the $val/$val2 values passed in from userspace are always >= 0\nintegers, the limits of the control can be signed integers and the $min\ncan be non-zero and less than zero. To correctly validate $val/$val2\nagainst platform_max, add the $min offset to val first.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2022-48917" }, { "cve":"CVE-2023-52881", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=\n SND.NXT). All incoming segments whose ACK value doesn't satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK < SND.UNA wouldn't be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) <= SEG.ACK <= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the 'blamed' patch was adhering to the RFC.\n\ntp->bytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 < S 0:0(0) win 65535 \n+0 > S. 0:0(0) ack 1 <...>\n+0 < . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 < . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 > . 1:1(0) ack 1001", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.9, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-52881" }, { "cve":"CVE-2024-24857", "notes":[ { "text":"A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.\n\n\n\n\n", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.8, "vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-24857" }, { "cve":"CVE-2024-24859", "notes":[ { "text":"A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.\n\n\n\n\n\n\n\n", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.8, "vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-24859" }, { "cve":"CVE-2024-43853", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: Prevent UAF in proc_cpuset_show()\n\nAn UAF can happen when /proc/cpuset is read as reported in [1].\n\nThis can be reproduced by the following methods:\n1.add an mdelay(1000) before acquiring the cgroup_lock In the\n cgroup_path_ns function.\n2.$cat /proc//cpuset repeatly.\n3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/\n$umount /sys/fs/cgroup/cpuset/ repeatly.\n\nThe race that cause this bug can be shown as below:\n\n(umount)\t\t|\t(cat /proc//cpuset)\ncss_release\t\t|\tproc_cpuset_show\ncss_release_work_fn\t|\tcss = task_get_css(tsk, cpuset_cgrp_id);\ncss_free_rwork_fn\t|\tcgroup_path_ns(css->cgroup, ...);\ncgroup_destroy_root\t|\tmutex_lock(&cgroup_mutex);\nrebind_subsystems\t|\ncgroup_free_root \t|\n\t\t\t|\t// cgrp was freed, UAF\n\t\t\t|\tcgroup_path_ns_locked(cgrp,..);\n\nWhen the cpuset is initialized, the root node top_cpuset.css.cgrp\nwill point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will\nallocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated\n&cgroup_root.cgrp. When the umount operation is executed,\ntop_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp.\n\nThe problem is that when rebinding to cgrp_dfl_root, there are cases\nwhere the cgroup_root allocated by setting up the root for cgroup v1\nis cached. This could lead to a Use-After-Free (UAF) if it is\nsubsequently freed. The descendant cgroups of cgroup v1 can only be\nfreed after the css is released. However, the css of the root will never\nbe released, yet the cgroup_root should be freed when it is unmounted.\nThis means that obtaining a reference to the css of the root does\nnot guarantee that css.cgrp->root will not be freed.\n\nFix this problem by using rcu_read_lock in proc_cpuset_show().\nAs cgroup_root is kfree_rcu after commit d23b5c577715\n(\"cgroup: Make operations on the cgroup root_list RCU safe\"),\ncss->cgroup won't be freed during the critical section.\nTo call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to\nreplace task_get_css with task_css.\n\n[1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-43853" }, { "cve":"CVE-2024-50279", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n >ffffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.1, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-50279" }, { "cve":"CVE-2024-56631", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Fix slab-use-after-free read in sg_release()\n\nFix a use-after-free bug in sg_release(), detected by syzbot with KASAN:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30\nkernel/locking/lockdep.c:5838\n__mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912\nsg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407\n\nIn sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is\ncalled before releasing the open_rel_lock mutex. The kref_put() call may\ndecrement the reference count of sfp to zero, triggering its cleanup\nthrough sg_remove_sfp(). This cleanup includes scheduling deferred work\nvia sg_remove_sfp_usercontext(), which ultimately frees sfp.\n\nAfter kref_put(), sg_release() continues to unlock open_rel_lock and may\nreference sfp or sdp. If sfp has already been freed, this results in a\nslab-use-after-free error.\n\nMove the kref_put(&sfp->f_ref, sg_remove_sfp) call after unlocking the\nopen_rel_lock mutex. This ensures:\n\n - No references to sfp or sdp occur after the reference count is\n decremented.\n\n - Cleanup functions such as sg_remove_sfp() and\n sg_remove_sfp_usercontext() can safely execute without impacting the\n mutex handling in sg_release().\n\nThe fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures proper\nsequencing of resource cleanup and mutex operations, eliminating the\nrisk of use-after-free errors in sg_release().", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-56631" }, { "cve":"CVE-2024-56647", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst->out = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst->dev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56647" }, { "cve":"CVE-2024-56688", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport\n\nSince transport->sock has been set to NULL during reset transport,\nXPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the\nxs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request()\nto dereference the transport->sock that has been set to NULL.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56688" }, { "cve":"CVE-2024-56690", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY\n\nSince commit 8f4f68e788c3 (\"crypto: pcrypt - Fix hungtask for\nPADATA_RESET\"), the pcrypt encryption and decryption operations return\n-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is\ngenerated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns\n-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.\nFix this issue by calling crypto layer directly without parallelization\nin that case.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-56690" }, { "cve":"CVE-2024-57892", "notes":[ { "text":"In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix slab-use-after-free due to dangling pointer dqi_priv\n\nWhen mounting ocfs2 and then remounting it as read-only, a\nslab-use-after-free occurs after the user uses a syscall to\nquota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the\ndangling pointer.\n\nDuring the remounting process, the pointer dqi_priv is freed but is never\nset as null leaving it to be accessed. Additionally, the read-only option\nfor remounting sets the DQUOT_SUSPENDED flag instead of setting the\nDQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the\nnext quota, the function ocfs2_get_next_id is called and only checks the\nquota usage flags and not the quota suspended flags.\n\nTo fix this, I set dqi_priv to null when it is freed after remounting with\nread-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id.\n\n[akpm@linux-foundation.org: coding-style cleanups]", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ], "details":"kernel security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1094" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:bpftool-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:bpftool-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-debugsource-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-source-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-tools-devel-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python2-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:python3-perf-debuginfo-4.19.90-2502.1.0.0314.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:kernel-4.19.90-2502.1.0.0314.oe2003sp4.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-57892" } ] }