Main Vulnerability Database SB2024070716

SB2024070716 - openEuler 20.03 LTS SP4 update for kernel

Published: July 7, 2024

Security Bulletin ID SB2024070716

Severity

Medium

Patch available

YES

Number of vulnerabilities 19

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 19 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2021-47121)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cfusbl_create() and cfusbl_device_notify() functions in net/caif/caif_usb.c. A local user can perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2021-47149)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fmvj18x_get_hwinfo() function in drivers/net/ethernet/fujitsu/fmvj18x_cs.c. A local user can perform a denial of service (DoS) attack.

3) NULL pointer dereference (CVE-ID: CVE-2021-47183)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_sli_issue_abort_iotag() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.

4) Improper initialization (CVE-ID: CVE-2021-47194)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.

5) Input validation error (CVE-ID: CVE-2021-47210)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tps6598x_block_read() function in drivers/usb/typec/tps6598x.c. A local user can perform a denial of service (DoS) attack.

6) Buffer overflow (CVE-ID: CVE-2023-52619)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.

7) Race condition (CVE-ID: CVE-2024-24860)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel bluetooth device driver. A remote attacker with physical proximity to device can send specially crafted packets to the system and crash the kernel.

8) Input validation error (CVE-ID: CVE-2024-26633)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2024-26644)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.

10) Infinite loop (CVE-ID: CVE-2024-26751)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the GPIO_LOOKUP_IDX() function in arch/arm/mach-ep93xx/core.c. A local user can perform a denial of service (DoS) attack.

11) Resource management error (CVE-ID: CVE-2024-26764)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.

12) Improper locking (CVE-ID: CVE-2024-26772)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

13) Improper locking (CVE-ID: CVE-2024-26773)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

14) Division by zero (CVE-ID: CVE-2024-26777)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the sisfb_check_var() function in drivers/video/fbdev/sis/sis_main.c. A local user can perform a denial of service (DoS) attack.

15) Division by zero (CVE-ID: CVE-2024-26778)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

16) Improper locking (CVE-ID: CVE-2024-26810)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

17) Buffer overflow (CVE-ID: CVE-2024-26884)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

18) Resource management error (CVE-ID: CVE-2024-27437)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

19) Division by zero (CVE-ID: CVE-2022-3061)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to missing checks of the "pixclock" value in the Linux kernel i740 driver. A local user can pass arbitrary values to the driver through ioctl() interface, trigger a divide by zero error and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1526

Vulnerable Software

openEuler: 20.03 LTS SP4
python2-perf: before 4.19.90-2405.1.0.0275
kernel-debugsource: before 4.19.90-2405.1.0.0275
kernel-tools-debuginfo: before 4.19.90-2405.1.0.0275
kernel-tools-devel: before 4.19.90-2405.1.0.0275
perf: before 4.19.90-2405.1.0.0275
python3-perf-debuginfo: before 4.19.90-2405.1.0.0275
bpftool: before 4.19.90-2405.1.0.0275
python3-perf: before 4.19.90-2405.1.0.0275
bpftool-debuginfo: before 4.19.90-2405.1.0.0275
kernel-devel: before 4.19.90-2405.1.0.0275
perf-debuginfo: before 4.19.90-2405.1.0.0275
kernel-source: before 4.19.90-2405.1.0.0275
kernel-debuginfo: before 4.19.90-2405.1.0.0275
kernel-tools: before 4.19.90-2405.1.0.0275
python2-perf-debuginfo: before 4.19.90-2405.1.0.0275
kernel: before 4.19.90-2405.1.0.0275

SB2024070716 - openEuler 20.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human