Main Vulnerability Database SB2024070840

SB2024070840 - openEuler 22.03 LTS SP1 update for kernel

Published: July 8, 2024

Security Bulletin ID SB2024070840

Severity

Low

Patch available

YES

Number of vulnerabilities 61

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 61 secuirty vulnerabilities.

1) Improper locking (CVE-ID: CVE-2021-47421)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the amdgpu_pci_error_detected() and amdgpu_pci_resume() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2021-47455)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ptp_clock_register() function in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.

3) Memory leak (CVE-ID: CVE-2022-48641)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the do_replace_finish() function in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.

4) NULL pointer dereference (CVE-ID: CVE-2022-48708)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pcs_set_mux() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2023-52650)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.

6) Use of obsolete function (CVE-ID: CVE-2023-52656)

The vulnerability allows a local user to have negative impact on system performance.

The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() function in fs/io_uring.c. A local user can influence system performance.

7) Double free (CVE-ID: CVE-2023-52664)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the aq_vec_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_vec.c, within the aq_get_rxpages(), aq_ring_alloc(), aq_ring_rx_alloc() and aq_ring_hwts_rx_alloc() functions in drivers/net/ethernet/aquantia/atlantic/aq_ring.c, within the aq_ptp_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_ptp.c. A local user can perform a denial of service (DoS) attack.

8) Integer overflow (CVE-ID: CVE-2023-52683)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the lpit_update_residency() function in drivers/acpi/acpi_lpit.c. A local user can execute arbitrary code.

9) Memory leak (CVE-ID: CVE-2023-52698)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the netlbl_calipso_ops_register(), netlbl_calipso_add_pass() and netlbl_calipso_genl_init() functions in net/netlabel/netlabel_calipso.c. A local user can perform a denial of service (DoS) attack.

10) NULL pointer dereference (CVE-ID: CVE-2023-52809)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fc_lport_ptp_setup() function in drivers/scsi/libfc/fc_lport.c. A local user can perform a denial of service (DoS) attack.

11) Resource management error (CVE-ID: CVE-2023-52813)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.

12) NULL pointer dereference (CVE-ID: CVE-2023-52817)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_debugfs_regs_smc_read() and amdgpu_debugfs_regs_smc_write() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.

13) Out-of-bounds read (CVE-ID: CVE-2023-52835)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2023-52837)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_dev_remove(), nbd_release() and IS_ENABLED() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

15) Use-after-free (CVE-ID: CVE-2023-52840)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rmi_unregister_function() function in drivers/input/rmi4/rmi_bus.c. A local user can escalate privileges on the system.

16) NULL pointer dereference (CVE-ID: CVE-2023-52844)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vidtv_psi_service_desc_init() and kstrdup() functions in drivers/media/test-drivers/vidtv/vidtv_psi.c. A local user can perform a denial of service (DoS) attack.

17) Use-after-free (CVE-ID: CVE-2023-52847)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bttv_remove() function in drivers/media/pci/bt8xx/bttv-driver.c. A local user can escalate privileges on the system.

18) Use-after-free (CVE-ID: CVE-2023-52854)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL() function in kernel/padata.c. A local user can escalate privileges on the system.

19) NULL pointer dereference (CVE-ID: CVE-2023-52860)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hns3_pmu_init_pmu() and hns3_pmu_uninit_pmu() functions in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.

20) NULL pointer dereference (CVE-ID: CVE-2023-52863)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the axi_fan_control_probe() function in drivers/hwmon/axi-fan-control.c. A local user can perform a denial of service (DoS) attack.

21) Buffer overflow (CVE-ID: CVE-2023-52867)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the drivers/gpu/drm/radeon/evergreen.c. A local user can escalate privileges on the system.

22) NULL pointer dereference (CVE-ID: CVE-2023-52869)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pstore_register() function in fs/pstore/platform.c. A local user can perform a denial of service (DoS) attack.

23) NULL pointer dereference (CVE-ID: CVE-2023-52876)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the clk_mt7629_ethsys_init() and clk_mt7629_sgmiisys_init() functions in drivers/clk/mediatek/clk-mt7629-eth.c. A local user can perform a denial of service (DoS) attack.

24) Use-after-free (CVE-ID: CVE-2023-52879)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the apply_event_filter() function in kernel/trace/trace_events_filter.c, within the remove_subsystem(), event_enable_read(), event_enable_write(), event_filter_read() and trace_create_new_event() functions in kernel/trace/trace_events.c, within the register_event_command() function in kernel/trace/trace.h, within the tracing_open_file_tr() and tracing_release_file_tr() functions in kernel/trace/trace.c. A local user can escalate privileges on the system.

25) Improper error handling (CVE-ID: CVE-2024-26814)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.

26) Improper locking (CVE-ID: CVE-2024-26923)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.

27) NULL pointer dereference (CVE-ID: CVE-2024-26950)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the get_peer() function in drivers/net/wireguard/netlink.c. A local user can perform a denial of service (DoS) attack.

28) Use-after-free (CVE-ID: CVE-2024-26958)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.

29) Use-after-free (CVE-ID: CVE-2024-26961)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.

30) Out-of-bounds read (CVE-ID: CVE-2024-26965)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.

31) Memory leak (CVE-ID: CVE-2024-26972)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mutex_unlock() function in fs/ubifs/dir.c. A local user can perform a denial of service (DoS) attack.

32) Improper locking (CVE-ID: CVE-2024-26976)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.

33) Input validation error (CVE-ID: CVE-2024-26982)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

34) Information disclosure (CVE-ID: CVE-2024-26993)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.

35) Improper locking (CVE-ID: CVE-2024-27000)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.

36) Out-of-bounds read (CVE-ID: CVE-2024-27008)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.

37) Buffer overflow (CVE-ID: CVE-2024-27045)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.

38) Division by zero (CVE-ID: CVE-2024-27059)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.

39) Improper locking (CVE-ID: CVE-2024-27072)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.

40) Memory leak (CVE-ID: CVE-2024-27073)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.

41) Stack-based buffer overflow (CVE-ID: CVE-2024-27075)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.

42) Resource management error (CVE-ID: CVE-2024-27389)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.

43) Buffer overflow (CVE-ID: CVE-2024-27407)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.

44) Race condition within a thread (CVE-ID: CVE-2024-27419)

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.

45) Use-after-free (CVE-ID: CVE-2024-35791)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the svm_register_enc_region() function in arch/x86/kvm/svm/sev.c. A local user can escalate privileges on the system.

46) Input validation error (CVE-ID: CVE-2024-35801)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fpu__init_cpu_xstate() function in arch/x86/kernel/fpu/xstate.c. A local user can perform a denial of service (DoS) attack.

47) Improper locking (CVE-ID: CVE-2024-35805)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.

48) Improper locking (CVE-ID: CVE-2024-35806)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

49) Improper locking (CVE-ID: CVE-2024-35818)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arch/loongarch/include/asm/io.h. A local user can perform a denial of service (DoS) attack.

50) Double free (CVE-ID: CVE-2024-35835)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.

51) Incorrect calculation (CVE-ID: CVE-2024-35844)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the reserve_compress_blocks(), f2fs_reserve_compress_blocks() and mnt_drop_write_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

52) Input validation error (CVE-ID: CVE-2024-35845)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.

53) Buffer overflow (CVE-ID: CVE-2024-35848)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.

54) Race condition within a thread (CVE-ID: CVE-2024-35898)

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.

55) Division by zero (CVE-ID: CVE-2024-35922)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.

56) Memory leak (CVE-ID: CVE-2024-35930)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.

57) Improper error handling (CVE-ID: CVE-2024-35936)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.

58) NULL pointer dereference (CVE-ID: CVE-2024-35940)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the psz_kmsg_read() function in fs/pstore/zone.c. A local user can perform a denial of service (DoS) attack.

59) Out-of-bounds read (CVE-ID: CVE-2024-35976)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.

60) Infinite loop (CVE-ID: CVE-2024-35997)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.

61) Resource management error (CVE-ID: CVE-2024-36006)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1680

Vulnerable Software

openEuler: 22.03 LTS SP1
kernel-tools: before 5.10.0-136.77.0.157
kernel-debugsource: before 5.10.0-136.77.0.157
perf-debuginfo: before 5.10.0-136.77.0.157
kernel-source: before 5.10.0-136.77.0.157
python3-perf: before 5.10.0-136.77.0.157
kernel-devel: before 5.10.0-136.77.0.157
kernel-debuginfo: before 5.10.0-136.77.0.157
kernel-headers: before 5.10.0-136.77.0.157
perf: before 5.10.0-136.77.0.157
kernel-tools-devel: before 5.10.0-136.77.0.157
python3-perf-debuginfo: before 5.10.0-136.77.0.157
kernel-tools-debuginfo: before 5.10.0-136.77.0.157
kernel: before 5.10.0-136.77.0.157

SB2024070840 - openEuler 22.03 LTS SP1 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human