SB2024091407 - openEuler 22.03 LTS SP4 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024091407

SB2024091407 - openEuler 22.03 LTS SP4 update for kernel

Published: September 14, 2024

Security Bulletin ID SB2024091407
Severity
Low
Patch available
YES
Number of vulnerabilities 17
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 17 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2022-48867)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drv_disable_wq() function in drivers/dma/idxd/device.c. A local user can escalate privileges on the system.


2) Improper locking (CVE-ID: CVE-2022-48887)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmw_execbuf_rcache_update(), vmw_execbuf_res_noref_val_add(), vmw_view_res_val_add(), vmw_resource_context_res_add(), vmw_cmd_res_check(), vmw_translate_mob_ptr(), vmw_translate_guest_ptr(), vmw_cmd_set_shader(), vmw_cmd_dx_set_shader(), vmw_cmd_dx_bind_shader(), vmw_cmd_dx_bind_streamoutput(), vmw_cmd_dx_set_streamoutput() and vmw_execbuf_tie_context() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c, within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c, within the ttm_base_object_unref() and ttm_base_object_lookup() functions in drivers/gpu/drm/vmwgfx/ttm_object.c. A local user can perform a denial of service (DoS) attack.


3) Improper locking (CVE-ID: CVE-2022-48901)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the btrfs_maybe_wake_unfinished_drop() and btrfs_add_dead_root() functions in fs/btrfs/transaction.c, within the btrfs_find_orphan_roots() function in fs/btrfs/root-tree.c, within the btrfs_relocate_block_group() function in fs/btrfs/relocation.c, within the btrfs_drop_snapshot() and btrfs_free_path() functions in fs/btrfs/extent-tree.c, within the open_ctree() and close_ctree() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.


4) Improper locking (CVE-ID: CVE-2022-48902)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the assert_eb_page_uptodate() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.


5) Out-of-bounds read (CVE-ID: CVE-2023-45896)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.


6) Integer overflow (CVE-ID: CVE-2024-42102)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.


7) Input validation error (CVE-ID: CVE-2024-42276)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nvme_prep_rq() function in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.


8) Use of uninitialized resource (CVE-ID: CVE-2024-42311)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.


9) Input validation error (CVE-ID: CVE-2024-43849)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pdr_locator_new_server(), pdr_locator_del_server() and pdr_get_domain_list() functions in drivers/soc/qcom/pdr_interface.c. A local user can perform a denial of service (DoS) attack.


10) Buffer overflow (CVE-ID: CVE-2024-43856)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.


11) NULL pointer dereference (CVE-ID: CVE-2024-43899)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_get_dcc_compression_cap() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.


12) NULL pointer dereference (CVE-ID: CVE-2024-43907)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.


13) Input validation error (CVE-ID: CVE-2024-43914)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.


14) NULL pointer dereference (CVE-ID: CVE-2024-44935)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.


15) Memory leak (CVE-ID: CVE-2024-44947)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.


16) Memory leak (CVE-ID: CVE-2024-44971)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sf2_mdio_register() function in drivers/net/dsa/bcm_sf2.c. A local user can perform a denial of service (DoS) attack.


17) Use-after-free (CVE-ID: CVE-2024-44974)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_subflow_by_daddr(), select_local_address(), select_signal_address(), __lookup_addr() and mptcp_pm_create_subflow_or_signal_addr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.


Remediation

Install update from vendor's website.

References