SB2024062810 - openEuler 20.03 LTS SP4 update for kernel




Published: June 28, 2024

Security Bulletin ID: SB2024062810
Severity: High
Patch available: YES
Number of vulnerabilities: 54
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 2%, Low: 98%

Description

This security bulletin contains information about 54 security vulnerabilities.


1) Resource management error (CVE-ID: CVE-2021-47229)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the advk_pcie_wait_pio(), advk_pcie_rd_conf() and advk_pcie_wr_conf() functions in drivers/pci/host/pci-aardvark.c. A local user can perform a denial of service (DoS) attack.


2) Memory leak (CVE-ID: CVE-2021-47234)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mtk_phy_init() function in drivers/phy/mediatek/phy-mtk-tphy.c. A local user can perform a denial of service (DoS) attack.


3) Memory leak (CVE-ID: CVE-2021-47249)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the rds_recvmsg() function in net/rds/recv.c. A local user can perform a denial of service (DoS) attack.


4) NULL pointer dereference (CVE-ID: CVE-2021-47257)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ieee802154_llsec_parse_dev_addr() function in net/ieee802154/nl802154.c. A local user can perform a denial of service (DoS) attack.


5) NULL pointer dereference (CVE-ID: CVE-2021-47267)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the usb_assign_descriptors() function in drivers/usb/gadget/config.c. A local user can perform a denial of service (DoS) attack.


6) Use-after-free (CVE-ID: CVE-2021-47281)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_seq_timer_open() function in sound/core/seq/seq_timer.c. A local user can escalate privileges on the system.


7) Use-after-free (CVE-ID: CVE-2021-47301)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igb_clean_tx_ring() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.


8) Use-after-free (CVE-ID: CVE-2021-47310)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tlan_remove_one() function in drivers/net/ethernet/ti/tlan.c. A local user can escalate privileges on the system.


9) Use-after-free (CVE-ID: CVE-2021-47321)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/w83877f_wdt.c and within the lpc18xx_wdt_remove() function in drivers/watchdog/lpc18xx_wdt.c. A local user can escalate privileges on the system.


10) Use-after-free (CVE-ID: CVE-2021-47334)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ibmasm_init_one() function in drivers/misc/ibmasm/module.c. A local user can escalate privileges on the system.


11) Memory leak (CVE-ID: CVE-2021-47344)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the zr364xx_start_readpipe() function in drivers/media/usb/zr364xx/zr364xx.c. A local user can perform a denial of service (DoS) attack.


12) Improper locking (CVE-ID: CVE-2021-47354)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drm_sched_entity_kill_jobs_cb() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.


13) Use-after-free (CVE-ID: CVE-2021-47372)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macb_remove() function in drivers/net/ethernet/cadence/macb_pci.c. A local user can escalate privileges on the system.


14) Information disclosure (CVE-ID: CVE-2021-47425)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the i2c_acpi_notify() function in drivers/i2c/i2c-core-acpi.c. A local user can gain access to sensitive information.


15) NULL pointer dereference (CVE-ID: CVE-2021-47440)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the encx24j600_spi_probe() function in drivers/net/ethernet/microchip/encx24j600.c and within the devm_regmap_init_encx24j600() function in drivers/net/ethernet/microchip/encx24j600-regmap.c. A local user can perform a denial of service (DoS) attack.


16) Use-after-free (CVE-ID: CVE-2021-47456)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the peak_pci_remove() function in drivers/net/can/sja1000/peak_pci.c. A local user can escalate privileges on the system.


17) Improper locking (CVE-ID: CVE-2021-47468)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nj_release() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.


18) Buffer overflow (CVE-ID: CVE-2021-47474)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vmk80xx_do_bulk_msg() function in drivers/staging/comedi/drivers/vmk80xx.c. A local user can escalate privileges on the system.


19) Improper error handling (CVE-ID: CVE-2021-47482)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the batadv_tt_init() function in net/batman-adv/translation-table.c, within the batadv_nc_mesh_init() function in net/batman-adv/network-coding.c, within the batadv_mesh_init() function in net/batman-adv/main.c, and within the batadv_bla_init() function in net/batman-adv/bridge_loop_avoidance.c. A local user can perform a denial of service (DoS) attack.


20) Double free (CVE-ID: CVE-2021-47483)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the regcache_rbtree_insert_to_block() function in drivers/base/regmap/regcache-rbtree.c. A local user can perform a denial of service (DoS) attack.


21) Buffer overflow (CVE-ID: CVE-2021-47485)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qib_user_sdma_num_pages(), qib_user_sdma_free_pkt_frag(), qib_user_sdma_pin_pkt() and qib_user_sdma_queue_pkts() functions in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can escalate privileges on the system.


22) Buffer overflow (CVE-ID: CVE-2021-47496)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tls_err_abort(), tls_tx_records(), tls_push_record(), tls_sw_recvmsg() and tls_sw_splice_read() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.


23) Buffer overflow (CVE-ID: CVE-2021-47509)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the snd_pcm_oss_set_fragment1() function in sound/core/oss/pcm_oss.c. A local user can perform a denial of service (DoS) attack.


24) Memory leak (CVE-ID: CVE-2021-47516)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nfp_cpp_area_cache_add() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can perform a denial of service (DoS) attack.


25) Use-after-free (CVE-ID: CVE-2021-47571)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the _rtl92e_pci_disconnect() function in drivers/staging/rtl8192e/rtl8192e/rtl_core.c. A local user can escalate privileges on the system.


26) Information disclosure (CVE-ID: CVE-2022-48693)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the brcmstb_pm_probe() function in drivers/soc/bcm/brcmstb/pm/pm-arm.c. A local user can perform a denial of service (DoS) attack.


27) Improper error handling (CVE-ID: CVE-2023-52708)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mmc_spi_probe() function in drivers/mmc/host/mmc_spi.c. A local user can perform a denial of service (DoS) attack.


28) Resource management error (CVE-ID: CVE-2023-52742)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the pl_vendor_req() function in drivers/net/usb/plusb.c. A local user can perform a denial of service (DoS) attack.


29) Information disclosure (CVE-ID: CVE-2023-52747)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the user_exp_rcv_setup() function in drivers/infiniband/hw/hfi1/file_ops.c. A local user can gain access to sensitive information.


30) Out-of-bounds read (CVE-ID: CVE-2023-52764)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the set_flicker() function in drivers/media/usb/gspca/cpia1.c. A local user can perform a denial of service (DoS) attack.


31) Out-of-bounds read (CVE-ID: CVE-2023-52810)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.


32) Improper locking (CVE-ID: CVE-2023-52836)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.


33) Use of uninitialized resource (CVE-ID: CVE-2023-52843)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, and within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.


34) NULL pointer dereference (CVE-ID: CVE-2023-52875)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt2701.c. A local user can perform a denial of service (DoS) attack.


35) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-52880)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.


36) Improper locking (CVE-ID: CVE-2024-27014)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.


37) Race condition within a thread (CVE-ID: CVE-2024-27019)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.


38) Improper locking (CVE-ID: CVE-2024-27402)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pep_sock_enable() and pep_ioctl() functions in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.


39) Improper locking (CVE-ID: CVE-2024-35819)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.


40) Improper locking (CVE-ID: CVE-2024-35821)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can perform a denial of service (DoS) attack.


41) Memory leak (CVE-ID: CVE-2024-35828)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.


42) Improper locking (CVE-ID: CVE-2024-35910)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c and within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.


43) Improper error handling (CVE-ID: CVE-2024-35935)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.


44) Out-of-bounds read (CVE-ID: CVE-2024-35937)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.


45) Improper error handling (CVE-ID: CVE-2024-35947)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.


46) Infinite loop (CVE-ID: CVE-2024-35982)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.


47) Out-of-bounds write (CVE-ID: CVE-2024-36016)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


48) Use-after-free (CVE-ID: CVE-2024-36886)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.


49) NULL pointer dereference (CVE-ID: CVE-2024-36901)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.


50) Race condition (CVE-ID: CVE-2024-36905)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, and within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.


51) Improper locking (CVE-ID: CVE-2024-36919)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.


52) Out-of-bounds read (CVE-ID: CVE-2024-36934)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.


53) Race condition (CVE-ID: CVE-2024-36952)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.


54) Out-of-bounds read (CVE-ID: CVE-2024-36960)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.