Main Vulnerability Database SB2024032754

SB2024032754 - Anolis OS update for kernel

Published: March 27, 2024 Updated: March 29, 2025

Security Bulletin ID SB2024032754

Severity

High

Patch available

YES

Number of vulnerabilities 18

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) Division by zero (CVE-ID: CVE-2023-20588)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a divide by zero error that can return speculative data. A local user can gain access to potentially sensitive information.

2) Race condition (CVE-ID: CVE-2024-24860)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel bluetooth device driver. A remote attacker with physical proximity to device can send specially crafted packets to the system and crash the kernel.

3) Out-of-bounds read (CVE-ID: CVE-2024-26597)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c when parsing the netlink attributes. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

4) Double Free (CVE-ID: CVE-2023-28464)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hci_conn_cleanup() function in net/bluetooth/hci_conn.c in Linux kernel. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

5) Out-of-bounds read (CVE-ID: CVE-2023-39192)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.

6) Out-of-bounds write (CVE-ID: CVE-2023-45863)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

7) Buffer overflow (CVE-ID: CVE-2023-45871)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c when handling frames larger than the MTU. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

8) Use-after-free (CVE-ID: CVE-2023-4622)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

9) Use-after-free (CVE-ID: CVE-2023-51779)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when handling bt_sock_ioctl in the Bluetooth subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.

10) Use-after-free (CVE-ID: CVE-2023-5178)

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2023-52438)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the binder_alloc_free_page() function in drivers/android/binder_alloc.c. A local user can trigger a race condition and escalate privileges on the system.

12) Out-of-bounds write (CVE-ID: CVE-2023-5717)

The vulnerability local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

13) NULL pointer dereference (CVE-ID: CVE-2023-6176)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel API for the cryptographic algorithm scatterwalk functionality in scatterwalk_copychunks(). A local user can send a malicious packet with specific socket configuration and crash the OS kernel.

14) Out-of-bounds write (CVE-ID: CVE-2023-6931)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Performance Events system component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

15) Use-after-free (CVE-ID: CVE-2023-6932)

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.

16) Use-after-free (CVE-ID: CVE-2024-1086)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.

17) NULL pointer dereference (CVE-ID: CVE-2024-22099)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

18) Race condition (CVE-ID: CVE-2024-24855)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in scsi device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2024:0111

Vulnerable Software

Anolis OS: 23
python3-perf: before 5.10.134-16.3
perf: before 5.10.134-16.3
kernel-tools-libs-devel: before 5.10.134-16.3
kernel-tools-libs: before 5.10.134-16.3
kernel-tools: before 5.10.134-16.3
kernel-modules-extra: before 5.10.134-16.3
kernel-modules: before 5.10.134-16.3
kernel-headers: before 5.10.134-16.3
kernel-devel: before 5.10.134-16.3
kernel-debug-modules-extra: before 5.10.134-16.3
kernel-debug-modules: before 5.10.134-16.3
kernel-debug-devel: before 5.10.134-16.3
kernel-debug-core: before 5.10.134-16.3
kernel-debug: before 5.10.134-16.3
kernel-core: before 5.10.134-16.3
kernel: before 5.10.134-16.3
bpftool: before 5.10.134-16.3

SB2024032754 - Anolis OS update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human