{"schema_version":"1.7.2","id":"OESA-2024-2256","modified":"2024-10-18T11:09:22Z","published":"2024-10-18T11:09:22Z","upstream":["CVE-2021-47400","CVE-2022-48879","CVE-2023-52444","CVE-2024-35955","CVE-2024-35969","CVE-2024-42313","CVE-2024-43830","CVE-2024-43892","CVE-2024-43893","CVE-2024-46816","CVE-2024-46829","CVE-2024-46840","CVE-2024-46849","CVE-2024-46859"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: hns3: do not allow call hns3_nic_net_open repeatedly\r\n\r\nhns3_nic_net_open() is not allowed to called repeatly, but there\nis no checking for this. When doing device reset and setup tc\nconcurrently, there is a small oppotunity to call hns3_nic_net_open\nrepeatedly, and cause kernel bug by calling napi_enable twice.\r\n\r\nThe calltrace information is like below:\n[ 3078.222780] ------------[ cut here ]------------\n[ 3078.230255] kernel BUG at net/core/dev.c:6991!\n[ 3078.236224] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n[ 3078.243431] Modules linked in: hns3 hclgevf hclge hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O)\n[ 3078.258880] CPU: 0 PID: 295 Comm: kworker/u8:5 Tainted: G           O      5.14.0-rc4+ #1\n[ 3078.269102] Hardware name:  , BIOS KpxxxFPGA 1P B600 V181 08/12/2021\n[ 3078.276801] Workqueue: hclge hclge_service_task [hclge]\n[ 3078.288774] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[ 3078.296168] pc : napi_enable+0x80/0x84\ntc qdisc sho[w  3d0e7v8 .e3t0h218 79] lr : hns3_nic_net_open+0x138/0x510 [hns3]\r\n\r\n[ 3078.314771] sp : ffff8000108abb20\n[ 3078.319099] x29: ffff8000108abb20 x28: 0000000000000000 x27: ffff0820a8490300\n[ 3078.329121] x26: 0000000000000001 x25: ffff08209cfc6200 x24: 0000000000000000\n[ 3078.339044] x23: ffff0820a8490300 x22: ffff08209cd76000 x21: ffff0820abfe3880\n[ 3078.349018] x20: 0000000000000000 x19: ffff08209cd76900 x18: 0000000000000000\n[ 3078.358620] x17: 0000000000000000 x16: ffffc816e1727a50 x15: 0000ffff8f4ff930\n[ 3078.368895] x14: 0000000000000000 x13: 0000000000000000 x12: 0000259e9dbeb6b4\n[ 3078.377987] x11: 0096a8f7e764eb40 x10: 634615ad28d3eab5 x9 : ffffc816ad8885b8\n[ 3078.387091] x8 : ffff08209cfc6fb8 x7 : ffff0820ac0da058 x6 : ffff0820a8490344\n[ 3078.396356] x5 : 0000000000000140 x4 : 0000000000000003 x3 : ffff08209cd76938\n[ 3078.405365] x2 : 0000000000000000 x1 : 0000000000000010 x0 : ffff0820abfe38a0\n[ 3078.414657] Call trace:\n[ 3078.418517]  napi_enable+0x80/0x84\n[ 3078.424626]  hns3_reset_notify_up_enet+0x78/0xd0 [hns3]\n[ 3078.433469]  hns3_reset_notify+0x64/0x80 [hns3]\n[ 3078.441430]  hclge_notify_client+0x68/0xb0 [hclge]\n[ 3078.450511]  hclge_reset_rebuild+0x524/0x884 [hclge]\n[ 3078.458879]  hclge_reset_service_task+0x3c4/0x680 [hclge]\n[ 3078.467470]  hclge_service_task+0xb0/0xb54 [hclge]\n[ 3078.475675]  process_one_work+0x1dc/0x48c\n[ 3078.481888]  worker_thread+0x15c/0x464\n[ 3078.487104]  kthread+0x160/0x170\n[ 3078.492479]  ret_from_fork+0x10/0x18\n[ 3078.498785] Code: c8027c81 35ffffa2 d50323bf d65f03c0 (d4210000)\n[ 3078.506889] ---[ end trace 8ebe0340a1b0fb44 ]---\r\n\r\nOnce hns3_nic_net_open() is excute success, the flag\nHNS3_NIC_STATE_DOWN will be cleared. So add checking for this\nflag, directly return when HNS3_NIC_STATE_DOWN is no set.(CVE-2021-47400)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nefi: fix NULL-deref in init error path\r\n\r\nIn cases where runtime services are not supported or have been disabled,\nthe runtime services workqueue will never have been allocated.\r\n\r\nDo not try to destroy the workqueue unconditionally in the unlikely\nevent that EFI initialisation fails to avoid dereferencing a NULL\npointer.(CVE-2022-48879)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nf2fs: fix to avoid dirent corruption\r\n\r\nAs Al reported in link[1]:\r\n\r\nf2fs_rename()\n...\n\tif (old_dir != new_dir \u0026amp;\u0026amp; !whiteout)\n\t\tf2fs_set_link(old_inode, old_dir_entry,\n\t\t\t\t\told_dir_page, new_dir);\n\telse\n\t\tf2fs_put_page(old_dir_page, 0);\r\n\r\nYou want correct inumber in the \u0026quot;..\u0026quot; link.  And cross-directory\nrename does move the source to new parent, even if you\u0026apos;d been asked\nto leave a whiteout in the old place.\r\n\r\n[1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/\r\n\r\nWith below testcase, it may cause dirent corruption, due to it missed\nto call f2fs_set_link() to update \u0026quot;..\u0026quot; link to new directory.\n- mkdir -p dir/foo\n- renameat2 -w dir/foo bar\r\n\r\n[ASSERT] (__chk_dots_dentries:1421)  --\u0026gt; Bad inode number[0x4] for \u0026apos;..\u0026apos;, parent parent ino is [0x3]\n[FSCK] other corrupted bugs                           [Fail](CVE-2023-52444)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nkprobes: Fix possible use-after-free issue on kprobe registration\r\n\r\nWhen unloading a module, its state is changing MODULE_STATE_LIVE -\u0026gt;\n MODULE_STATE_GOING -\u0026gt; MODULE_STATE_UNFORMED. Each change will take\na time. `is_module_text_address()` and `__module_text_address()`\nworks with MODULE_STATE_LIVE and MODULE_STATE_GOING.\nIf we use `is_module_text_address()` and `__module_text_address()`\nseparately, there is a chance that the first one is succeeded but the\nnext one is failed because module-\u0026gt;state becomes MODULE_STATE_UNFORMED\nbetween those operations.\r\n\r\nIn `check_kprobe_address_safe()`, if the second `__module_text_address()`\nis failed, that is ignored because it expected a kernel_text address.\nBut it may have failed simply because module-\u0026gt;state has been changed\nto MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify\nnon-exist module text address (use-after-free).\r\n\r\nTo fix this problem, we should not use separated `is_module_text_address()`\nand `__module_text_address()`, but use only `__module_text_address()`\nonce and do `try_module_get(module)` which is only available with\nMODULE_STATE_LIVE.(CVE-2024-35955)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr\r\n\r\nAlthough ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it\nstill means hlist_for_each_entry_rcu can return an item that got removed\nfrom the list. The memory itself of such item is not freed thanks to RCU\nbut nothing guarantees the actual content of the memory is sane.\r\n\r\nIn particular, the reference count can be zero. This can happen if\nipv6_del_addr is called in parallel. ipv6_del_addr removes the entry\nfrom inet6_addr_lst (hlist_del_init_rcu(\u0026amp;ifp-\u0026gt;addr_lst)) and drops all\nreferences (__in6_ifa_put(ifp) + in6_ifa_put(ifp)). With bad enough\ntiming, this can happen:\r\n\r\n1. In ipv6_get_ifaddr, hlist_for_each_entry_rcu returns an entry.\r\n\r\n2. Then, the whole ipv6_del_addr is executed for the given entry. The\n   reference count drops to zero and kfree_rcu is scheduled.\r\n\r\n3. ipv6_get_ifaddr continues and tries to increments the reference count\n   (in6_ifa_hold).\r\n\r\n4. The rcu is unlocked and the entry is freed.\r\n\r\n5. The freed entry is returned.\r\n\r\nPrevent increasing of the reference count in such case. The name\nin6_ifa_hold_safe is chosen to mimic the existing fib6_info_hold_safe.\r\n\r\n[   41.506330] refcount_t: addition on 0; use-after-free.\n[   41.506760] WARNING: CPU: 0 PID: 595 at lib/refcount.c:25 refcount_warn_saturate+0xa5/0x130\n[   41.507413] Modules linked in: veth bridge stp llc\n[   41.507821] CPU: 0 PID: 595 Comm: python3 Not tainted 6.9.0-rc2.main-00208-g49563be82afa #14\n[   41.508479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n[   41.509163] RIP: 0010:refcount_warn_saturate+0xa5/0x130\n[   41.509586] Code: ad ff 90 0f 0b 90 90 c3 cc cc cc cc 80 3d c0 30 ad 01 00 75 a0 c6 05 b7 30 ad 01 01 90 48 c7 c7 38 cc 7a 8c e8 cc 18 ad ff 90 \u0026lt;0f\u0026gt; 0b 90 90 c3 cc cc cc cc 80 3d 98 30 ad 01 00 0f 85 75 ff ff ff\n[   41.510956] RSP: 0018:ffffbda3c026baf0 EFLAGS: 00010282\n[   41.511368] RAX: 0000000000000000 RBX: ffff9e9c46914800 RCX: 0000000000000000\n[   41.511910] RDX: ffff9e9c7ec29c00 RSI: ffff9e9c7ec1c900 RDI: ffff9e9c7ec1c900\n[   41.512445] RBP: ffff9e9c43660c9c R08: 0000000000009ffb R09: 00000000ffffdfff\n[   41.512998] R10: 00000000ffffdfff R11: ffffffff8ca58a40 R12: ffff9e9c4339a000\n[   41.513534] R13: 0000000000000001 R14: ffff9e9c438a0000 R15: ffffbda3c026bb48\n[   41.514086] FS:  00007fbc4cda1740(0000) GS:ffff9e9c7ec00000(0000) knlGS:0000000000000000\n[   41.514726] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   41.515176] CR2: 000056233b337d88 CR3: 000000000376e006 CR4: 0000000000370ef0\n[   41.515713] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[   41.516252] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[   41.516799] Call Trace:\n[   41.517037]  \u0026lt;TASK\u0026gt;\n[   41.517249]  ? __warn+0x7b/0x120\n[   41.517535]  ? refcount_warn_saturate+0xa5/0x130\n[   41.517923]  ? report_bug+0x164/0x190\n[   41.518240]  ? handle_bug+0x3d/0x70\n[   41.518541]  ? exc_invalid_op+0x17/0x70\n[   41.520972]  ? asm_exc_invalid_op+0x1a/0x20\n[   41.521325]  ? refcount_warn_saturate+0xa5/0x130\n[   41.521708]  ipv6_get_ifaddr+0xda/0xe0\n[   41.522035]  inet6_rtm_getaddr+0x342/0x3f0\n[   41.522376]  ? __pfx_inet6_rtm_getaddr+0x10/0x10\n[   41.522758]  rtnetlink_rcv_msg+0x334/0x3d0\n[   41.523102]  ? netlink_unicast+0x30f/0x390\n[   41.523445]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n[   41.523832]  netlink_rcv_skb+0x53/0x100\n[   41.524157]  netlink_unicast+0x23b/0x390\n[   41.524484]  netlink_sendmsg+0x1f2/0x440\n[   41.524826]  __sys_sendto+0x1d8/0x1f0\n[   41.525145]  __x64_sys_sendto+0x1f/0x30\n[   41.525467]  do_syscall_64+0xa5/0x1b0\n[   41.525794]  entry_SYSCALL_64_after_hwframe+0x72/0x7a\n[   41.526213] RIP: 0033:0x7fbc4cfcea9a\n[   41.526528] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 2c 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89\n[   41.527942] RSP: 002b:00007f\n---truncated---(CVE-2024-35969)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: venus: fix use after free in vdec_close\r\n\r\nThere appears to be a possible use after free with vdec_close().\nThe firmware will add buffer release work to the work queue through\nHFI callbacks as a normal part of decoding. Randomly closing the\ndecoder device from userspace during normal decoding can incur\na read after free for inst.\r\n\r\nFix it by cancelling the work in vdec_close.(CVE-2024-42313)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nleds: trigger: Unregister sysfs attributes before calling deactivate()\r\n\r\nTriggers which have trigger specific sysfs attributes typically store\nrelated data in trigger-data allocated by the activate() callback and\nfreed by the deactivate() callback.\r\n\r\nCalling device_remove_groups() after calling deactivate() leaves a window\nwhere the sysfs attributes show/store functions could be called after\ndeactivation and then operate on the just freed trigger-data.\r\n\r\nMove the device_remove_groups() call to before deactivate() to close\nthis race window.\r\n\r\nThis also makes the deactivation path properly do things in reverse order\nof the activation path which calls the activate() callback before calling\ndevice_add_groups().(CVE-2024-43830)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmemcg: protect concurrent access to mem_cgroup_idr\r\n\r\nCommit 73f576c04b94 (\u0026quot;mm: memcontrol: fix cgroup creation failure after\nmany small jobs\u0026quot;) decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures.  It introduced IDR to maintain the memcg ID\nspace.  The IDR depends on external synchronization mechanisms for\nmodifications.  For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications.  However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero.  Fix that.\r\n\r\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time.  These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode.  Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\u0026apos;s list_lru didn\u0026apos;t have list_lru_one for the\nmemcg of that object.  The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success.  No evidence were found for these cases.\r\n\r\nLooking more deeply, we started seeing situations where valid memcg\u0026apos;s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them.  So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove().  These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them.  Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one.(CVE-2024-43892)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nserial: core: check uartclk for zero to avoid divide by zero\r\n\r\nCalling ioctl TIOCSSERIAL with an invalid baud_base can\nresult in uartclk being zero, which will result in a\ndivide by zero error in uart_get_divisor(). The check for\nuartclk being zero in uart_set_info() needs to be done\nbefore other settings are made as subsequent calls to\nioctl TIOCSSERIAL for the same port would be impacted if\nthe uartclk check was done where uartclk gets set.\r\n\r\nOops: divide error: 0000  PREEMPT SMP KASAN PTI\nRIP: 0010:uart_get_divisor (drivers/tty/serial/serial_core.c:580)\nCall Trace:\n \u0026lt;TASK\u0026gt;\nserial8250_get_divisor (drivers/tty/serial/8250/8250_port.c:2576\n    drivers/tty/serial/8250/8250_port.c:2589)\nserial8250_do_set_termios (drivers/tty/serial/8250/8250_port.c:502\n    drivers/tty/serial/8250/8250_port.c:2741)\nserial8250_set_termios (drivers/tty/serial/8250/8250_port.c:2862)\nuart_change_line_settings (./include/linux/spinlock.h:376\n    ./include/linux/serial_core.h:608 drivers/tty/serial/serial_core.c:222)\nuart_port_startup (drivers/tty/serial/serial_core.c:342)\nuart_startup (drivers/tty/serial/serial_core.c:368)\nuart_set_info (drivers/tty/serial/serial_core.c:1034)\nuart_set_info_user (drivers/tty/serial/serial_core.c:1059)\ntty_set_serial (drivers/tty/tty_io.c:2637)\ntty_ioctl (drivers/tty/tty_io.c:2647 drivers/tty/tty_io.c:2791)\n__x64_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:907\n    fs/ioctl.c:893 fs/ioctl.c:893)\ndo_syscall_64 (arch/x86/entry/common.c:52\n    (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\r\n\r\nRule: add(CVE-2024-43893)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links\r\n\r\n[Why]\nCoverity report OVERRUN warning. There are\nonly max_links elements within dc-\u0026gt;links. link\ncount could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31.\r\n\r\n[How]\nMake sure link count less than max_links.(CVE-2024-46816)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nrtmutex: Drop rt_mutex::wait_lock before scheduling\r\n\r\nrt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.  In the\ngood case it returns with the lock held and in the deadlock case it emits a\nwarning and goes into an endless scheduling loop with the lock held, which\ntriggers the \u0026apos;scheduling in atomic\u0026apos; warning.\r\n\r\nUnlock rt_mutex::wait_lock in the dead lock case before issuing the warning\nand dropping into the schedule for ever loop.\r\n\r\n[ tglx: Moved unlock before the WARN(), removed the pointless comment,\n  \tmassaged changelog, added Fixes tag ](CVE-2024-46829)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: clean up our handling of refs == 0 in snapshot delete\r\n\r\nIn reada we BUG_ON(refs == 0), which could be unkind since we aren\u0026apos;t\nholding a lock on the extent leaf and thus could get a transient\nincorrect answer.  In walk_down_proc we also BUG_ON(refs == 0), which\ncould happen if we have extent tree corruption.  Change that to return\n-EUCLEAN.  In do_walk_down() we catch this case and handle it correctly,\nhowever we return -EIO, which -EUCLEAN is a more appropriate error code.\nFinally in walk_up_proc we have the same BUG_ON(refs == 0), so convert\nthat to proper error handling.  Also adjust the error message so we can\nactually do something with the information.(CVE-2024-46840)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nASoC: meson: axg-card: fix \u0026apos;use-after-free\u0026apos;\r\n\r\nBuffer \u0026apos;card-\u0026gt;dai_link\u0026apos; is reallocated in \u0026apos;meson_card_reallocate_links()\u0026apos;,\nso move \u0026apos;pad\u0026apos; pointer initialization after this function when memory is\nalready reallocated.\r\n\r\nKasan bug report:\r\n\r\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\r\n\r\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194(CVE-2024-46849)\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nplatform/x86: panasonic-laptop: Fix SINF array out of bounds accesses\r\n\r\nThe panasonic laptop code in various places uses the SINF array with index\nvalues of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array\nis big enough.\r\n\r\nNot all panasonic laptops have this many SINF array entries, for example\nthe Toughbook CF-18 model only has 10 SINF array entries. So it only\nsupports the AC+DC brightness entries and mute.\r\n\r\nCheck that the SINF array has a minimum size which covers all AC+DC\nbrightness entries and refuse to load if the SINF array is smaller.\r\n\r\nFor higher SINF indexes hide the sysfs attributes when the SINF array\ndoes not contain an entry for that attribute, avoiding show()/store()\naccessing the array out of bounds and add bounds checking to the probe()\nand resume() code accessing these.(CVE-2024-46859)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2410.2.0.0299.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","bpftool-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","kernel-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","kernel-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","kernel-debugsource-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","kernel-devel-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","kernel-source-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","kernel-tools-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","kernel-tools-devel-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","perf-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","perf-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","python2-perf-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","python2-perf-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","python3-perf-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm","python3-perf-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.aarch64.rpm"],"src":["kernel-4.19.90-2410.2.0.0299.oe2003sp4.src.rpm"],"x86_64":["bpftool-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","bpftool-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","kernel-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","kernel-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","kernel-debugsource-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","kernel-devel-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","kernel-source-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","kernel-tools-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","kernel-tools-devel-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","perf-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","perf-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","python2-perf-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","python2-perf-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","python3-perf-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm","python3-perf-debuginfo-4.19.90-2410.2.0.0299.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2256"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-47400"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48879"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52444"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35955"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35969"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42313"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43830"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43892"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43893"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46816"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46829"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46840"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46849"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46859"}],"database_specific":{"severity":"High"}}