SB2024090669 - openEuler 22.03 LTS SP4 update for kernel
Published: September 6, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 35 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2022-48811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_crq_queue(), __ibmvnic_open() and ibmvnic_open() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2023-52889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apparmor_socket_sock_rcv_skb() function in security/apparmor/lsm.c. A local user can perform a denial of service (DoS) attack.
3) Memory leak (CVE-ID: CVE-2024-27012)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_rbtree_activate() and nft_rbtree_walk() functions in net/netfilter/nft_set_rbtree.c, within the nft_pipapo_activate() and nft_pipapo_walk() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_activate(), nft_rhash_walk(), nft_hash_activate() and nft_hash_walk() functions in net/netfilter/nft_set_hash.c, within the nft_bitmap_activate() and nft_bitmap_walk() functions in net/netfilter/nft_set_bitmap.c, within the nft_mapelem_deactivate(), nft_map_catchall_deactivate(), nft_setelem_validate(), nf_tables_bind_check_setelem(), nft_mapelem_activate(), nft_map_catchall_activate(), nf_tables_dump_setelem(), nft_setelem_activate(), nft_setelem_flush() and nf_tables_loop_check_setelem() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2024-27065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
5) Improper locking (CVE-ID: CVE-2024-37078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
6) Out-of-bounds read (CVE-ID: CVE-2024-40901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
7) Improper error handling (CVE-ID: CVE-2024-41008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kfd_smi_event_update_thermal_throttling() function in drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c, within the sdma_v4_4_2_print_iv_entry() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c, within the sdma_v4_0_print_iv_entry() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c, within the gmc_v9_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c, within the gmc_v8_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c, within the gmc_v11_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c, within the gmc_v10_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c, within the amdgpu_vm_ptes_update() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c, within the amdgpu_vm_validate(), amdgpu_vm_wait_idle(), amdgpu_vm_init(), amdgpu_vm_fini() and amdgpu_vm_ioctl() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c, within the amdgpu_coredump() function in drivers/gpu/drm/amd/amdgpu/amdgpu_reset.c, within the amdgpu_job_timedout() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c, within the amdgpu_gem_object_open() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c, within the amdgpu_debugfs_vm_info_show() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.
8) Out-of-bounds read (CVE-ID: CVE-2024-41016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2024-41060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2024-41082)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2024-42153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.
12) Resource management error (CVE-ID: CVE-2024-42230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
13) Buffer overflow (CVE-ID: CVE-2024-42259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.
14) Input validation error (CVE-ID: CVE-2024-42267)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the no_context() function in arch/riscv/mm/fault.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2024-42286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2024-42287)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
17) Improper error handling (CVE-ID: CVE-2024-42295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c, within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
18) Input validation error (CVE-ID: CVE-2024-42299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the blksize_bits() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.
19) Input validation error (CVE-ID: CVE-2024-42312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.
20) NULL pointer dereference (CVE-ID: CVE-2024-43824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_test_core_init() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.
21) Use-after-free (CVE-ID: CVE-2024-43834)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xdp_unreg_mem_model() function in net/core/xdp.c. A local user can escalate privileges on the system.
22) Memory leak (CVE-ID: CVE-2024-43854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
23) Input validation error (CVE-ID: CVE-2024-43883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
24) NULL pointer dereference (CVE-ID: CVE-2024-43884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
25) Division by zero (CVE-ID: CVE-2024-43889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
26) Buffer overflow (CVE-ID: CVE-2024-43890)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
27) NULL pointer dereference (CVE-ID: CVE-2024-43898)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_da_do_write_end() function in fs/ext4/inode.c, within the __block_commit_write() function in fs/buffer.c. A local user can perform a denial of service (DoS) attack.
28) NULL pointer dereference (CVE-ID: CVE-2024-43902)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dm_suspend(), create_eml_sink() and amdgpu_dm_connector_get_modes() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
29) NULL pointer dereference (CVE-ID: CVE-2024-43905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2024-43908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_interrupt_process_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2024-44934)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_del_port() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
32) Out-of-bounds read (CVE-ID: CVE-2024-44938)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
33) Input validation error (CVE-ID: CVE-2024-44942)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/gc.c. A local user can perform a denial of service (DoS) attack.
34) Type Confusion (CVE-ID: CVE-2024-44944)
The vulnerability allows a local user to gain access to sensitive information.
35) Use-after-free (CVE-ID: CVE-2024-44946)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.