SB2024072670 - openEuler 24.03 LTS update for kernel

Main Vulnerability Database SB2024072670

SB2024072670 - openEuler 24.03 LTS update for kernel

Published: July 26, 2024

Security Bulletin ID SB2024072670

Severity

Low

Patch available

YES

Number of vulnerabilities 42

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 42 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2024-34030)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the of_pci_prop_intr_map() function in drivers/pci/of_property.c. A local user can perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2024-36014)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.

3) Out-of-bounds write (CVE-ID: CVE-2024-36016)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

4) Input validation error (CVE-ID: CVE-2024-36031)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.

5) Input validation error (CVE-ID: CVE-2024-36881)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the userfaultfd_release() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

6) Improper error handling (CVE-ID: CVE-2024-36939)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

7) Use-after-free (CVE-ID: CVE-2024-36979)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_mst_vlan_set_state() and br_mst_set_state() functions in net/bridge/br_mst.c. A local user can escalate privileges on the system.

8) Out-of-bounds read (CVE-ID: CVE-2024-38559)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

9) Out-of-bounds read (CVE-ID: CVE-2024-38578)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

10) Improper locking (CVE-ID: CVE-2024-38589)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

11) Input validation error (CVE-ID: CVE-2024-38618)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

12) Use of uninitialized resource (CVE-ID: CVE-2024-38619)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2024-39463)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.

14) Improper error handling (CVE-ID: CVE-2024-39469)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

15) Out-of-bounds read (CVE-ID: CVE-2024-39472)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.

16) Use of uninitialized resource (CVE-ID: CVE-2024-39485)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __v4l2_async_nf_unregister() function in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.

17) Use-after-free (CVE-ID: CVE-2024-39494)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

18) Memory leak (CVE-ID: CVE-2024-39499)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.

19) NULL pointer dereference (CVE-ID: CVE-2024-39505)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.

20) Improper locking (CVE-ID: CVE-2024-40912)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.

21) Improper locking (CVE-ID: CVE-2024-40916)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hdmi_get_modes() function in drivers/gpu/drm/exynos/exynos_hdmi.c. A local user can perform a denial of service (DoS) attack.

22) Improper locking (CVE-ID: CVE-2024-40918)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the PTR_PAGE_ALIGN_DOWN(), __flush_cache_page(), flush_icache_pages(), pte_needs_flush(), flush_dcache_folio(), purge_kernel_dcache_page_asm(), copy_user_highpage(), __flush_tlb_range(), flush_cache_range(), flush_anon_page() and invalidate_kernel_vmap_range() functions in arch/parisc/kernel/cache.c. A local user can perform a denial of service (DoS) attack.

23) Improper error handling (CVE-ID: CVE-2024-40923)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vmxnet3_rq_destroy_all_rxdataring() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.

24) Out-of-bounds read (CVE-ID: CVE-2024-40929)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

25) Memory leak (CVE-ID: CVE-2024-40932)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

26) Memory leak (CVE-ID: CVE-2024-40936)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the devm_cxl_add_region() and __create_region() functions in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.

27) Buffer overflow (CVE-ID: CVE-2024-40941)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

28) Improper locking (CVE-ID: CVE-2024-40943)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

29) NULL pointer dereference (CVE-ID: CVE-2024-40951)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ocfs2_fill_super() function in fs/ocfs2/super.c, within the to_ocfs2_trigger(), ocfs2_db_frozen_trigger() and __ocfs2_journal_access() functions in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

30) NULL pointer dereference (CVE-ID: CVE-2024-40952)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_dirty() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

31) NULL pointer dereference (CVE-ID: CVE-2024-40957)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the input_action_end_dx6() and input_action_end_dx4() functions in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.

32) Input validation error (CVE-ID: CVE-2024-40968)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.

33) Buffer overflow (CVE-ID: CVE-2024-40974)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.

34) Resource management error (CVE-ID: CVE-2024-40975)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the x86_android_tablet_remove() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can perform a denial of service (DoS) attack.

35) Improper locking (CVE-ID: CVE-2024-40977)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mt76s_tx_status_data() function in drivers/net/wireless/mediatek/mt76/sdio.c, within the mt7921s_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c, within the mt7921e_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/pci_mac.c, within the mt7921_mac_reset_work() function in drivers/net/wireless/mediatek/mt76/mt7921/mac.c. A local user can perform a denial of service (DoS) attack.

36) Resource management error (CVE-ID: CVE-2024-40983)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

37) NULL pointer dereference (CVE-ID: CVE-2024-40984)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.

38) Resource management error (CVE-ID: CVE-2024-40987)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.

39) Improper locking (CVE-ID: CVE-2024-41004)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kernel/trace/Kconfig. A local user can perform a denial of service (DoS) attack.

40) Improper locking (CVE-ID: CVE-2024-41005)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.

41) Resource management error (CVE-ID: CVE-2024-41007)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.

42) Input validation error (CVE-ID: CVE-2024-41009)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1897

Vulnerable Software

openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-35.0.0.43
python3-perf: before 6.6.0-35.0.0.43
perf-debuginfo: before 6.6.0-35.0.0.43
perf: before 6.6.0-35.0.0.43
kernel-tools-devel: before 6.6.0-35.0.0.43
kernel-tools-debuginfo: before 6.6.0-35.0.0.43
kernel-tools: before 6.6.0-35.0.0.43
kernel-source: before 6.6.0-35.0.0.43
kernel-headers: before 6.6.0-35.0.0.43
kernel-devel: before 6.6.0-35.0.0.43
kernel-debugsource: before 6.6.0-35.0.0.43
kernel-debuginfo: before 6.6.0-35.0.0.43
bpftool-debuginfo: before 6.6.0-35.0.0.43
bpftool: before 6.6.0-35.0.0.43
kernel: before 6.6.0-35.0.0.43