SB2024092673 - Multiple vulnerabilities in OpenShift Logging 5.8
Published: September 26, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 34 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2023-52463)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2023-52801)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iopt_area_split() function in drivers/iommu/iommufd/io_pagetable.c. A local user can escalate privileges on the system.
3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-6104)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data obtain from HTTP requests.
4) Type Confusion (CVE-ID: CVE-2024-6119)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error when performing certificate name checks. A remote attacker can supply a specially crafted X.509 certificate to the server, trigger a type confusion error and perform a denial of service (DoS) attack.
5) Improper locking (CVE-ID: CVE-2024-26629)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
6) Resource management error (CVE-ID: CVE-2024-26630)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
7) Division by zero (CVE-ID: CVE-2024-26720)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2024-26886)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bt_sock_recvmsg() and bt_sock_ioctl() functions in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
9) Input validation error (CVE-ID: CVE-2024-26946)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the can_probe() function in arch/x86/kernel/kprobes/core.c. A local user can perform a denial of service (DoS) attack.
10) Insufficient verification of data authenticity (CVE-ID: CVE-2024-34397)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.
11) Use-after-free (CVE-ID: CVE-2024-35791)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svm_register_enc_region() function in arch/x86/kvm/svm/sev.c. A local user can escalate privileges on the system.
12) Out-of-bounds read (CVE-ID: CVE-2024-35797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2024-35875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the setup_arch() function in arch/x86/kernel/setup.c, within the cc_mkdec() function in arch/x86/coco/core.c. A local user can perform a denial of service (DoS) attack.
14) Reachable Assertion (CVE-ID: CVE-2024-36000)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
15) Out-of-bounds read (CVE-ID: CVE-2024-36019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the regcache_maple_drop() function in drivers/base/regmap/regcache-maple.c. A local user can perform a denial of service (DoS) attack.
16) Out-of-bounds read (CVE-ID: CVE-2024-36883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2024-36979)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_mst_vlan_set_state() and br_mst_set_state() functions in net/bridge/br_mst.c. A local user can escalate privileges on the system.
18) Out-of-bounds read (CVE-ID: CVE-2024-38559)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
19) Use of uninitialized resource (CVE-ID: CVE-2024-38619)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.
20) Use of Potentially Dangerous Function (CVE-ID: CVE-2024-39331)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function. A remote attacker can execute arbitrary OS commands on the system.
21) Use-after-free (CVE-ID: CVE-2024-40927)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xhci_invalidate_cancelled_tds() and xhci_handle_cmd_set_deq() functions in drivers/usb/host/xhci-ring.c. A local user can escalate privileges on the system.
22) Memory leak (CVE-ID: CVE-2024-40936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devm_cxl_add_region() and __create_region() functions in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2024-41040)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/sched/act_ct.c. A local user can escalate privileges on the system.
24) Input validation error (CVE-ID: CVE-2024-41044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2024-41055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.
26) Double free (CVE-ID: CVE-2024-41073)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
27) Use-after-free (CVE-ID: CVE-2024-41096)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the msi_capability_init() function in drivers/pci/msi/msi.c. A local user can escalate privileges on the system.
28) Buffer overflow (CVE-ID: CVE-2024-42082)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.
29) Improper locking (CVE-ID: CVE-2024-42096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.
30) Integer overflow (CVE-ID: CVE-2024-42102)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.
31) Integer overflow (CVE-ID: CVE-2024-42131)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
32) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2024-45490)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in xmlparse.c when handling negative length for XML_ParseBuffer. A remote attacker can pass specially crafted input to the application, trigger buffer underflow and execute arbitrary code on the system.
33) Integer overflow (CVE-ID: CVE-2024-45491)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the dtdCopy() function in xmlparse.c. A remote attacker can pass specially crafted input to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
34) Integer overflow (CVE-ID: CVE-2024-45492)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the nextScaffoldPart() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.