Main Vulnerability Database SB20240624135

SB20240624135 - openEuler 20.03 LTS SP1 update for kernel

Published: June 24, 2024

Security Bulletin ID SB20240624135

Severity

Medium

Patch available

YES

Number of vulnerabilities 20

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 20 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2021-46929)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sctp_transport_lookup_process() and sctp_transport_get_idx() functions in net/sctp/socket.c, within the sctp_sock_dump() and sctp_sock_filter() functions in net/sctp/sctp_diag.c, within the sctp_endpoint_free() and sctp_endpoint_destroy() functions in net/sctp/endpointola.c. A local user can escalate privileges on the system.

2) Use-after-free (CVE-ID: CVE-2021-46936)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inet_init() function in net/ipv4/af_inet.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

3) Use-after-free (CVE-ID: CVE-2021-46966)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cm_write() function in drivers/acpi/custom_method.c. A local user can trigger a use-after-free error and escalate privileges on the system.

4) Double Free (CVE-ID: CVE-2021-47082)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in drivers/net/tun.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

5) Use-after-free (CVE-ID: CVE-2021-47123)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the io_link_timeout_fn() function in fs/io_uring.c. A local user can escalate privileges on the system.

6) Buffer overflow (CVE-ID: CVE-2021-47182)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the scsi_mode_sense() function in drivers/scsi/scsi_lib.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

7) Improper locking (CVE-ID: CVE-2021-47185)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2021-47201)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the iavf_disable_vf() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.

9) Buffer overflow (CVE-ID: CVE-2021-47203)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.

10) NULL pointer dereference (CVE-ID: CVE-2021-47211)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the snd_usb_set_sample_rate_v2v3() function in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.

11) Memory leak (CVE-ID: CVE-2021-47216)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the asc_prt_adv_board_info() function in drivers/scsi/advansys.c. A local user can perform a denial of service (DoS) attack.

12) NULL pointer dereference (CVE-ID: CVE-2021-47217)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the set_hv_tscchange_cb() function in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.

13) Use of uninitialized resource (CVE-ID: CVE-2023-52477)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.

14) Race condition (CVE-ID: CVE-2023-52609)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.

15) Buffer overflow (CVE-ID: CVE-2023-52612)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.

16) Use of uninitialized resource (CVE-ID: CVE-2024-26635)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.

17) Input validation error (CVE-ID: CVE-2024-26636)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.

18) Resource management error (CVE-ID: CVE-2024-26640)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

19) Access of Uninitialized Pointer (CVE-ID: CVE-2024-26641)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

20) Incorrect calculation (CVE-ID: CVE-2024-26752)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1567

Vulnerable Software

openEuler: 20.03 LTS SP1
perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools: before 4.19.90-2405.1.0.0248
kernel-tools-devel: before 4.19.90-2405.1.0.0248
kernel-debuginfo: before 4.19.90-2405.1.0.0248
python2-perf: before 4.19.90-2405.1.0.0248
bpftool-debuginfo: before 4.19.90-2405.1.0.0248
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0248
kernel-source: before 4.19.90-2405.1.0.0248
python3-perf: before 4.19.90-2405.1.0.0248
kernel-debugsource: before 4.19.90-2405.1.0.0248
python2-perf-debuginfo: before 4.19.90-2405.1.0.0248
perf: before 4.19.90-2405.1.0.0248
bpftool: before 4.19.90-2405.1.0.0248
kernel-devel: before 4.19.90-2405.1.0.0248
python3-perf-debuginfo: before 4.19.90-2405.1.0.0248
kernel: before 4.19.90-2405.1.0.0248

SB20240624135 - openEuler 20.03 LTS SP1 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human