SB2024070240 - openEuler 20.03 LTS SP4 update for kernel 




Published: July 2, 2024

Security Bulletin ID: SB2024070240
Severity: Medium
Patch available: YES
Number of vulnerabilities: 20
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 5%, Low: 95%

Description

This security bulletin contains information about 20 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2020-36778)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the xiic_xfer() and xiic_i2c_remove() functions in drivers/i2c/busses/i2c-xiic.c. A local user can gain access to sensitive information.


2) Information disclosure (CVE-ID: CVE-2020-36782)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the lpi2c_imx_master_enable() function in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can gain access to sensitive information.


3) Memory leak (CVE-ID: CVE-2021-46906)

The vulnerability allows a local user to perform a denial of service (DoS) attack on the target system.

The vulnerability exists due to a memory leak within the hid_submit_ctrl() function in drivers/hid/usbhid/hid-core.c. A local user can force the driver to leak memory and perform a denial of service attack.


4) Improper check for unusual or exceptional conditions (CVE-ID: CVE-2021-46909)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an improper check for unusual or exceptional conditions within the personal_server_map_irq() function in arch/arm/mach-footbridge/personal-pci.c, the netwinder_map_irq() function in arch/arm/mach-footbridge/netwinder-pci.c, the ebsa285_map_irq() function in arch/arm/mach-footbridge/ebsa285-pci.c and the cats_no_swizzle() function in arch/arm/mach-footbridge/cats-pci.c. A local user can perform a denial of service (DoS) attack.


5) Improper locking (CVE-ID: CVE-2021-46941)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dwc3_set_prtcap(), __dwc3_set_mode() and dwc3_probe() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.


6) Out-of-bounds read (CVE-ID: CVE-2021-46955)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ovs_fragment() function in net/openvswitch/actions.c when running openvswitch on kernels built with KASAN. A remote attacker can send specially crafted IPv4 packets to the system, trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.


7) Use-after-free (CVE-ID: CVE-2021-46998)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the enic_queue_wq_skb_encap(), enic_queue_wq_skb() and enic_hard_start_xmit() functions in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can escalate privileges on the system.


8) Buffer overflow (CVE-ID: CVE-2021-47006)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the breakpoint_handler() function in arch/arm/kernel/hw_breakpoint.c. A local user can perform a denial of service (DoS) attack.


9) Use-after-free (CVE-ID: CVE-2021-47013)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the emac_mac_tx_buf_send() function in drivers/net/ethernet/qualcomm/emac/emac-mac.c. A local user can escalate privileges on the system.


10) Improper error handling (CVE-ID: CVE-2021-47015)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.


11) Memory leak (CVE-ID: CVE-2021-47024)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the virtio_transport_reset_no_sock(), virtio_transport_do_close() and virtio_transport_close() functions in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.


12) Buffer overflow (CVE-ID: CVE-2021-47040)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the io_remove_buffers() and io_provide_buffers_prep() functions in fs/io_uring.c. A local user can escalate privileges on the system.


13) Improper error handling (CVE-ID: CVE-2021-47049)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __vmbus_open() function in drivers/hv/channel.c. A local user can perform a denial of service (DoS) attack.


14) State Issues (CVE-ID: CVE-2021-47086)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of the socket state within the pep_ioctl() function in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.


15) NULL pointer dereference (CVE-ID: CVE-2023-52458)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.


16) Use of uninitialized resource (CVE-ID: CVE-2023-52528)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.


17) Out-of-bounds read (CVE-ID: CVE-2023-52602)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


18) Improper validation of array index (CVE-ID: CVE-2023-52603)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of an array index within the dtSplitRoot() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.


19) Out-of-bounds read (CVE-ID: CVE-2023-52604)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.


20) Race condition (CVE-ID: CVE-2024-24855)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in the SCSI device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


Remediation

Install the update from the vendor's website.