SB2024062809 - openEuler 22.03 LTS SP1 update for kernel
Published: June 28, 2024 Updated: July 5, 2024
Description
This security bulletin contains information about 55 security vulnerabilities.
1) Resource management error (CVE-ID: CVE-2021-47370)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mptcp_sendmsg_frag() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2021-47489)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dp_phy_settings_write(), dp_phy_test_pattern_debugfs_write(), dp_dsc_passthrough_set(), trigger_hotplug(), dp_dsc_clock_en_write(), dp_dsc_slice_width_write(), dp_dsc_slice_height_write(), dp_dsc_bits_per_pixel_write() and dp_max_bpc_write() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.
3) Race condition within a thread (CVE-ID: CVE-2022-48689)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the skb_frag_size_add() function in net/ipv4/tcp.c and within the __zerocopy_sg_from_iter() function in net/core/datagram.c. A local user can execute arbitrary code.
4) Resource management error (CVE-ID: CVE-2023-52654)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the scm_fp_copy() function in net/core/scm.c and within the io_finish_async() and io_sqe_files_register() functions in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.
5) Buffer overflow (CVE-ID: CVE-2023-52655)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the aqc111_rx_fixup() function in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
6) Out-of-bounds read (CVE-ID: CVE-2023-52669)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ctr_paes_crypt() function in arch/s390/crypto/paes_s390.c and within the ctr_aes_crypt() function in arch/s390/crypto/aes_s390.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2023-52699)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.
8) Use of uninitialized resource (CVE-ID: CVE-2023-52703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the kalmia_send_init_packet() function in drivers/net/usb/kalmia.c. A local user can perform a denial of service (DoS) attack.
9) Information disclosure (CVE-ID: CVE-2023-52730)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c and within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.
10) Memory leak (CVE-ID: CVE-2023-52735)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sock_map_unhash(), sock_map_destroy() and sock_map_close() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2023-52736)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_hda_codec_cleanup_for_unbind() function in sound/pci/hda/hda_codec.c and within the hda_codec_driver_probe() and hda_codec_driver_remove() functions in sound/pci/hda/hda_bind.c. A local user can perform a denial of service (DoS) attack.
12) Improper error handling (CVE-ID: CVE-2023-52750)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within arch/arm64/Kconfig. A local user can perform a denial of service (DoS) attack.
13) Use-after-free (CVE-ID: CVE-2023-52752)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
14) Reachable Assertion (CVE-ID: CVE-2023-52759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the qd_check_sync() function in fs/gfs2/quota.c. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2023-52774)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dasd_profile_start() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2023-52789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vcc_probe() and vcc_table_remove() functions in drivers/tty/vcc.c. A local user can perform a denial of service (DoS) attack.
17) Double free (CVE-ID: CVE-2023-52795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the vhost_vdpa_probe() function in drivers/vhost/vdpa.c. A local user can perform a denial of service (DoS) attack.
18) NULL pointer dereference (CVE-ID: CVE-2023-52802)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_adc_probe() function in drivers/iio/adc/stm32-adc-core.c. A local user can perform a denial of service (DoS) attack.
19) Out-of-bounds read (CVE-ID: CVE-2023-52804)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
20) Out-of-bounds read (CVE-ID: CVE-2023-52805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diInitInode() and diAlloc() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2023-52808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the debugfs_bist_init_v3_hw() and debugfs_init_v3_hw() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.
22) NULL pointer dereference (CVE-ID: CVE-2023-52814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_device_gpu_recover() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
23) Out-of-bounds read (CVE-ID: CVE-2023-52818)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within drivers/gpu/drm/amd/include/pptable.h and drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
24) Out-of-bounds read (CVE-ID: CVE-2023-52819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2023-52826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tpg110_get_modes() function in drivers/gpu/drm/panel/panel-tpo-tpg110.c. A local user can perform a denial of service (DoS) attack.
26) Integer overflow (CVE-ID: CVE-2023-52832)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.
27) Improper locking (CVE-ID: CVE-2023-52836)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.
28) Use of uninitialized resource (CVE-ID: CVE-2023-52845)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.
29) NULL pointer dereference (CVE-ID: CVE-2023-52858)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt7629.c. A local user can perform a denial of service (DoS) attack.
30) Use-after-free (CVE-ID: CVE-2023-52859)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hisi_sllc_pmu_probe() function in drivers/perf/hisilicon/hisi_uncore_sllc_pmu.c and within the hisi_pa_pmu_probe() function in drivers/perf/hisilicon/hisi_uncore_pa_pmu.c. A local user can escalate privileges on the system.
31) Buffer overflow (CVE-ID: CVE-2023-52864)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.
32) Buffer overflow (CVE-ID: CVE-2023-52871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the qcom_llcc_probe() function in drivers/soc/qcom/llcc-qcom.c. A local user can perform a denial of service (DoS) attack.
33) Out-of-bounds read (CVE-ID: CVE-2023-52878)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the can_put_echo_skb() function in drivers/net/can/dev/skb.c. A local user can perform a denial of service (DoS) attack.
34) Memory leak (CVE-ID: CVE-2024-26833)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dm_sw_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
35) Resource management error (CVE-ID: CVE-2024-26877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.
36) Improper locking (CVE-ID: CVE-2024-26934)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
37) Race condition within a thread (CVE-ID: CVE-2024-27020)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
38) Buffer overflow (CVE-ID: CVE-2024-27401)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
39) Buffer overflow (CVE-ID: CVE-2024-27413)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.
40) Improper locking (CVE-ID: CVE-2024-35822)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
41) Buffer overflow (CVE-ID: CVE-2024-35823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vc_uniscr_delete() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.
42) Resource management error (CVE-ID: CVE-2024-35840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the subflow_finish_connect() function in net/mptcp/subflow.c. A local user can perform a denial of service (DoS) attack.
43) Memory leak (CVE-ID: CVE-2024-35877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c and within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.
44) Information disclosure (CVE-ID: CVE-2024-35939)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the dma_direct_alloc(), __dma_direct_free_pages() and dma_direct_alloc_pages() functions in kernel/dma/direct.c. A local user can gain access to sensitive information.
45) Use-after-free (CVE-ID: CVE-2024-35950)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.
46) Information disclosure (CVE-ID: CVE-2024-35956)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the btrfs_subvolume_reserve_metadata() function in fs/btrfs/root-tree.c, within the create_subvol() and create_snapshot() functions in fs/btrfs/ioctl.c, and within the btrfs_delete_subvolume() and btrfs_end_transaction() functions in fs/btrfs/inode.c. A local user can gain access to sensitive information.
47) Resource management error (CVE-ID: CVE-2024-35958)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.
48) Improper Initialization (CVE-ID: CVE-2024-35960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
49) Memory leak (CVE-ID: CVE-2024-35978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.
50) NULL pointer dereference (CVE-ID: CVE-2024-35984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.
51) Buffer overflow (CVE-ID: CVE-2024-35995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the show_cppc_data(), acpi_cppc_processor_probe(), cpc_read() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
52) Reachable Assertion (CVE-ID: CVE-2024-36000)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
53) Unchecked Return Value (CVE-ID: CVE-2024-36015)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.
54) Double Free (CVE-ID: CVE-2024-36940)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
55) Out-of-bounds write (CVE-ID: CVE-2021-42327)
The vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write error. A local privileged user can execute arbitrary code.
Remediation
Install the update from the vendor's website.