SB2024040377 - openEuler 22.03 LTS update for kernel

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2021-47094)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in arch/x86/kvm/mmu/tdp_iter.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

2) Race condition (CVE-ID: CVE-2023-52502)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() functions in net/nfc/llcp_core.c. A local user can exploit the race and execute arbitrary code with elevated privileges.

3) Buffer overflow (CVE-ID: CVE-2023-52599)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

4) Use-after-free (CVE-ID: CVE-2023-52600)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/jfs/jfs_mount.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

5) Buffer overflow (CVE-ID: CVE-2023-52601)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

6) Integer overflow (CVE-ID: CVE-2024-23307)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

7) Use-after-free (CVE-ID: CVE-2024-26622)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tomoyo_write_control() function. A local  user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

8) Use-after-free (CVE-ID: CVE-2024-26625)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2024-26627)

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1356