SB2024072122 - openEuler 22.03 LTS SP1 update for kernel
Published: July 21, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 35 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2021-47618)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the obj-$() function in arch/arm/probes/kprobes/Makefile. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2022-48733)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_wait_delalloc_flush() and btrfs_commit_transaction() functions in fs/btrfs/transaction.c, within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can escalate privileges on the system.
3) Buffer overflow (CVE-ID: CVE-2022-48744)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mlx5e_xmit_xdp_frame() function in drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c. A local user can escalate privileges on the system.
4) Resource management error (CVE-ID: CVE-2022-48765)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_apic_set_state() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2022-48772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
6) NULL pointer dereference (CVE-ID: CVE-2023-52873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_mt6779_apmixed_probe() and clk_mt6779_top_probe() functions in drivers/clk/mediatek/clk-mt6779.c. A local user can perform a denial of service (DoS) attack.
7) Memory leak (CVE-ID: CVE-2024-35879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pr_fmt() and of_changeset_destroy() functions in drivers/of/dynamic.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2024-35893)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2024-35969)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.
10) Input validation error (CVE-ID: CVE-2024-35988)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.
11) Resource management error (CVE-ID: CVE-2024-35989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the perf_event_cpu_offline() function in drivers/dma/idxd/perfmon.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2024-36014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.
13) NULL pointer dereference (CVE-ID: CVE-2024-36489)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
14) Resource management error (CVE-ID: CVE-2024-37353)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.
15) Race condition (CVE-ID: CVE-2024-37354)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
16) Use of uninitialized resource (CVE-ID: CVE-2024-38381)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2024-38547)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.
18) Out-of-bounds read (CVE-ID: CVE-2024-38552)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
19) Improper locking (CVE-ID: CVE-2024-38553)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
20) Memory leak (CVE-ID: CVE-2024-38554)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
21) Buffer overflow (CVE-ID: CVE-2024-38577)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kernel/rcu/tasks.h. A local user can escalate privileges on the system.
22) Buffer overflow (CVE-ID: CVE-2024-38579)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
23) Improper locking (CVE-ID: CVE-2024-38582)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
24) Use-after-free (CVE-ID: CVE-2024-38583)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
25) Resource management error (CVE-ID: CVE-2024-38590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_cqe_status() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
26) Race condition within a thread (CVE-ID: CVE-2024-38596)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
27) Memory leak (CVE-ID: CVE-2024-38602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_addr_ax25dev(), ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
28) Memory leak (CVE-ID: CVE-2024-38603)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hns3_pmu_irq_register() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.
29) NULL pointer dereference (CVE-ID: CVE-2024-38625)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ntfs_get_block_vbo() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2024-38633)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
31) NULL pointer dereference (CVE-ID: CVE-2024-38637)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.
32) Improper locking (CVE-ID: CVE-2024-38780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
33) Use of uninitialized resource (CVE-ID: CVE-2024-39301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
34) Improper locking (CVE-ID: CVE-2024-39362)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the i2c_acpi_find_client_by_adev() and i2c_acpi_notify() functions in drivers/i2c/i2c-core-acpi.c. A local user can perform a denial of service (DoS) attack.
35) Out-of-bounds read (CVE-ID: CVE-2024-39467)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.