SB2024050854 - openEuler 20.03 LTS SP1 update for kernel
Published: May 8, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 33 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2020-36777)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dvb_media_device_free() function in drivers/media/dvb-core/dvbdev.c. A local user can crash the system.
2) Memory leak (CVE-ID: CVE-2020-36780)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due reference leak when pm_runtime_get_sync fails within the sprd_i2c_master_xfer() and sprd_i2c_remove() function in drivers/i2c/busses/i2c-sprd.c. A local user can perform denial of service attack.
3) Memory leak (CVE-ID: CVE-2020-36784)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due a reference leak in drivers/i2c/busses/i2c-cadence.c. A local user can perform a denial of service attack.
4) NULL pointer dereference (CVE-ID: CVE-2021-46904)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error during tty device unregistration
within the get_free_serial_index() function in drivers/net/usb/hso.c. A local user can perform a denial of service (DoS) attack.
5) Memory leak (CVE-ID: CVE-2021-46924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in drivers/nfc/st21nfca/i2c.c. A local user can perform a denial of service attack.
6) Resource management error (CVE-ID: CVE-2021-46926)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the sdw_intel_acpi_cb() function in sound/hda/intel-sdw-acpi.c. A local user can perform a denial of service (DoS) attack.
7) Improper handling of exceptional conditions (CVE-ID: CVE-2021-46928)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of errors within the handle_interruption() function in arch/parisc/kernel/traps.c. A local user can send specially crafted input and perform a denial of service (DoS) attack.
8) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2021-46934)
The vulnerability allows a local user to produce warnings from the userspace.
The vulnerability exists due to improper error handling within the compat_i2cdev_ioctl() function in drivers/i2c/i2c-dev.c. A local user can pass specially crafted data to the driver and influence its behavior.
9) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2021-46935)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the binder_free_buf_locked() function in drivers/android/binder_alloc.c. A local user can gain access to sensitive information on the system.
10) Out-of-bounds read (CVE-ID: CVE-2021-46952)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the nfs23_parse_monolithic() function in fs/nfs/fs_context.c when handling UDP retrans. A remote attacker can trigger an out-of-bounds read error and gain access to sensitive information or perform a denial of service (DoS) attack.
11) Deadlock (CVE-ID: CVE-2021-46989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to deadlock within the inhfsplus_file_truncate() function in fs/hfsplus/extents.c. A local user can crash the system.
12) State Issues (CVE-ID: CVE-2021-47086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of the socket state within the pep_ioctl() function in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.
13) Buffer overflow (CVE-ID: CVE-2021-47112)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Teardown PV features implementation in arch/x86/kernel/kvm.c. A local user can trigger memory corruption and escalate privileges on the system.
14) Resource management error (CVE-ID: CVE-2021-47113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the btrfs_rename_exchange() function in fs/btrfs/inode.c. A local user can corrupt the filesystem and perform a denial of service (DoS) attack.
15) Buffer overflow (CVE-ID: CVE-2021-47114)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/ocfs2/file.c. A local user can trigger memory corruption and crash the kernel.
16) Memory leak (CVE-ID: CVE-2021-47122)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the caif_device_notify() function in net/caif/caif_dev.c. A local user can perform a denial of service attack.
17) NULL pointer dereference (CVE-ID: CVE-2023-52443)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2023-52469)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
19) Out-of-bounds read (CVE-ID: CVE-2023-52476)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the branch_type() and get_branch_type() functions in arch/x86/events/utils.c. A local user can trigger an out-of-bounds read error and crash the kernel.
20) Race condition (CVE-ID: CVE-2023-52502)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() functions in net/nfc/llcp_core.c. A local user can exploit the race and execute arbitrary code with elevated privileges.
21) Use-after-free (CVE-ID: CVE-2023-52509)
The vulnerability allows a local user can escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_close() function in drivers/net/ethernet/renesas/ravb_main.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
22) Buffer overflow (CVE-ID: CVE-2023-52599)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
23) Use-after-free (CVE-ID: CVE-2023-52600)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in fs/jfs/jfs_mount.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
24) Buffer overflow (CVE-ID: CVE-2023-52601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
25) Out-of-bounds read (CVE-ID: CVE-2023-52602)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
26) Improper validation of array index (CVE-ID: CVE-2023-52603)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of array index within the dtSplitRoot() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
27) Integer overflow (CVE-ID: CVE-2024-23307)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
28) Race condition (CVE-ID: CVE-2024-24855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in scsi device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
29) Out-of-bounds read (CVE-ID: CVE-2024-26597)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c when parsing the netlink attributes. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2024-26600)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.
31) Resource management error (CVE-ID: CVE-2024-26606)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2024-26622)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tomoyo_write_control() function. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
33) Use-after-free (CVE-ID: CVE-2024-26625)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.