Main Vulnerability Database SB2024081374

SB2024081374 - SUSE update for the Linux Kernel

Published: August 13, 2024

Security Bulletin ID SB2024081374

Severity

Medium

Patch available

YES

Number of vulnerabilities 13

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2016-20022)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the usb_parse_endpoint() function in drivers/usb/core/config.c when parsing the wMaxPacketSize field. A local user can perform a denial of service (DoS) attack.

Note, this vulnerability only affects products that are no longer supported by the supplier.

2) Improper Validation of Array Index (CVE-ID: CVE-2021-43389)

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to improper validation of array index in the ISDN CAPI implementation within detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.

3) Out-of-bounds read (CVE-ID: CVE-2021-4439)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can perform a denial of service (DoS) attack.

4) Out-of-bounds read (CVE-ID: CVE-2021-47219)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the resp_report_tgtpgs() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2021-47520)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pch_can_rx_normal() function in drivers/net/can/pch_can.c. A local user can escalate privileges on the system.

6) Out-of-bounds read (CVE-ID: CVE-2021-47580)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the p_fill_from_dev_buffer(), resp_inquiry(), resp_requests(), resp_mode_sense(), resp_ie_l_pg(), resp_log_sense() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

7) Use-after-free (CVE-ID: CVE-2021-47600)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can escalate privileges on the system.

8) Use-after-free (CVE-ID: CVE-2023-52752)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.

9) Spoofing attack (CVE-ID: CVE-2023-52881)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.

10) Improper locking (CVE-ID: CVE-2024-26923)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.

11) Improper privilege management (CVE-ID: CVE-2024-36964)

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.

12) Out-of-bounds read (CVE-ID: CVE-2024-38599)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.

13) Buffer overflow (CVE-ID: CVE-2024-42145)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20242895-1/

Vulnerable Software

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE: 11-SP4
SUSE Linux Enterprise Server 11: SP4
kernel-ec2-base: before 3.0.101-108.159.1
kernel-default-base: before 3.0.101-108.159.1
kernel-syms: before 3.0.101-108.159.1
kernel-xen-base: before 3.0.101-108.159.1
kernel-trace-base: before 3.0.101-108.159.1
kernel-trace-devel: before 3.0.101-108.159.1
kernel-default-devel: before 3.0.101-108.159.1
kernel-xen-devel: before 3.0.101-108.159.1
kernel-source: before 3.0.101-108.159.1
kernel-ec2-devel: before 3.0.101-108.159.1
kernel-xen: before 3.0.101-108.159.1
kernel-default: before 3.0.101-108.159.1
kernel-trace: before 3.0.101-108.159.1
kernel-ec2: before 3.0.101-108.159.1

SB2024081374 - SUSE update for the Linux Kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human