Main Vulnerability Database SB20240312191

SB20240312191 - openEuler 22.03 LTS SP3 update for kernel

Published: March 12, 2024

Security Bulletin ID SB20240312191

Severity

Low

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2023-46343)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2023-51042)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_cs_wait_all_fences() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

3) Race condition (CVE-ID: CVE-2023-6531)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition when the unix garbage collector's deletion of a SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. A local user can exploit the race and escalate privileges on the system.

4) Out-of-bounds read (CVE-ID: CVE-2024-22705)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c in Linux kernel ksmbd. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

5) Off-by-one (CVE-ID: CVE-2024-23849)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1114

Vulnerable Software

openEuler: 22.03 LTS SP3
kernel-debuginfo: before 5.10.0-186.0.0.99
perf-debuginfo: before 5.10.0-186.0.0.99
python3-perf: before 5.10.0-186.0.0.99
kernel-devel: before 5.10.0-186.0.0.99
kernel-tools: before 5.10.0-186.0.0.99
kernel-headers: before 5.10.0-186.0.0.99
kernel-tools-debuginfo: before 5.10.0-186.0.0.99
perf: before 5.10.0-186.0.0.99
kernel-debugsource: before 5.10.0-186.0.0.99
kernel-tools-devel: before 5.10.0-186.0.0.99
kernel-source: before 5.10.0-186.0.0.99
python3-perf-debuginfo: before 5.10.0-186.0.0.99
kernel: before 5.10.0-186.0.0.99

SB20240312191 - openEuler 22.03 LTS SP3 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human