SB2020123024 - openEuler 20.03 LTS update for kernel

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2020-25704)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

2) Out-of-bounds read (CVE-ID: CVE-2020-28974)

The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to an out-of-bounds read error within the con_font_default() and con_font_op() functions in drivers/tty/vt/vt.c. A local privileged user can read and manipulate data.

3) Memory leak (CVE-ID: CVE-2020-29371)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to memory leak within the romfs_dev_read() function in fs/romfs/storage.c. A local user can gain access to sensitive information.

4) Buffer Over-read (CVE-ID: CVE-2020-28915)

The vulnerability allows a local user with physical access to perform a denial of service attack.

The vulnerability exists due to an out-of-bounds (OOB) memory access flaw in fbcon_get_font() function in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A local user with special user privilege and with physical access can gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.

5) Use of insufficiently random values (CVE-ID: CVE-2020-25705)

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

6) Concurrent execution using shared resource with improper synchronization ('race condition') (CVE-ID: CVE-2020-29370)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to concurrent execution using shared resource with improper synchronization ('race condition') error within the kmem_cache_alloc_bulk() function in mm/slub.c. A local user can execute arbitrary code.

7) Out-of-bounds write (CVE-ID: CVE-2020-29368)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the __split_huge_pmd() function in mm/huge_memory.c in the Linux kernel. A local user can abuse the copy-on-write implementation and gain unintended write access because of a race condition in a THP mapcount check.

8) Release of invalid pointer or reference (CVE-ID: CVE-2020-28941)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to release of invalid pointer or reference error within the makefile. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1112