SB2024101874 - openEuler 22.03 LTS SP3 update for kernel
Published: October 18, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 47 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2022-48893)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the intel_engines_init() function in drivers/gpu/drm/i915/gt/intel_engine_cs.c. A local user can perform a denial of service (DoS) attack.
2) Reachable assertion (CVE-ID: CVE-2023-52444)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.
3) NULL pointer dereference (CVE-ID: CVE-2023-52463)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
4) Stack-based buffer overflow (CVE-ID: CVE-2023-52482)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the VULNBL_AMD() function in arch/x86/kernel/cpu/common.c. A local user can perform a denial of service (DoS) attack.
5) Buffer overflow (CVE-ID: CVE-2023-52612)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.
6) Use of uninitialized resource (CVE-ID: CVE-2023-52843)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, within the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, within the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.
7) Resource management error (CVE-ID: CVE-2024-26820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
8) Resource management error (CVE-ID: CVE-2024-36005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
9) Improper locking (CVE-ID: CVE-2024-40998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
10) Incorrect calculation (CVE-ID: CVE-2024-42067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.
11) Memory leak (CVE-ID: CVE-2024-42283)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.
12) Resource management error (CVE-ID: CVE-2024-42290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.
13) Buffer overflow (CVE-ID: CVE-2024-42306)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.
14) NULL pointer dereference (CVE-ID: CVE-2024-42309)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
15) Use-after-free (CVE-ID: CVE-2024-42313)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.
16) Resource management error (CVE-ID: CVE-2024-42322)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2024-43823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ks_pcie_setup_rc_app_regs() and ks_pcie_host_init() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
18) Double free (CVE-ID: CVE-2024-43830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.
19) Resource management error (CVE-ID: CVE-2024-43840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
20) Improper locking (CVE-ID: CVE-2024-43855)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the md_end_flush(), submit_flushes() and md_submit_flush_data() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2024-43872)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the next_ceqe_sw_v2(), hns_roce_v2_msix_interrupt_eq(), hns_roce_ceq_work(), __hns_roce_request_irq() and __hns_roce_free_irq() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
22) Race condition (CVE-ID: CVE-2024-43892)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
23) Improper locking (CVE-ID: CVE-2024-43893)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
24) Resource management error (CVE-ID: CVE-2024-44940)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the NAPI_GRO_CB() function in net/ipv4/fou_core.c. A local user can perform a denial of service (DoS) attack.
25) Improper locking (CVE-ID: CVE-2024-44954)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.
26) Use-after-free (CVE-ID: CVE-2024-44998)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.
27) NULL pointer dereference (CVE-ID: CVE-2024-45006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
28) Buffer overflow (CVE-ID: CVE-2024-45026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
29) Division by zero (CVE-ID: CVE-2024-46676)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2024-46719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.
31) Input validation error (CVE-ID: CVE-2024-46754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/core/filter.c. A local user can perform a denial of service (DoS) attack.
32) NULL pointer dereference (CVE-ID: CVE-2024-46770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_prepare_for_reset(), ice_update_pf_netdev_link() and ice_rebuild() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
33) NULL pointer dereference (CVE-ID: CVE-2024-46795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_sess_setup() function in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
34) NULL pointer dereference (CVE-ID: CVE-2024-46819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nbio_v7_4_handle_ras_controller_intr_no_bifring() function in drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c. A local user can perform a denial of service (DoS) attack.
35) Input validation error (CVE-ID: CVE-2024-46826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.
36) Out-of-bounds read (CVE-ID: CVE-2024-46828)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
37) Improper locking (CVE-ID: CVE-2024-46840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
38) Infinite loop (CVE-ID: CVE-2024-46848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the adl_get_hybrid_cpu_type() and intel_pmu_init() functions in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
39) Memory leak (CVE-ID: CVE-2024-46854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.
40) Memory leak (CVE-ID: CVE-2024-46855)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_socket_eval() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.
41) Use-after-free (CVE-ID: CVE-2024-46858)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
42) Improper locking (CVE-ID: CVE-2024-47658)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32_cryp_irq_thread() function in drivers/crypto/stm32/stm32-cryp.c. A local user can perform a denial of service (DoS) attack.
43) Division by zero (CVE-ID: CVE-2024-47664)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the hisi_spi_probe() function in drivers/spi/spi-hisi-kunpeng.c. A local user can perform a denial of service (DoS) attack.
44) Out-of-bounds read (CVE-ID: CVE-2024-47670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_listxattr(), ocfs2_xattr_find_entry(), ocfs2_xattr_ibody_get(), ocfs2_xattr_ibody_find() and ocfs2_xattr_block_find() functions in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
45) Memory leak (CVE-ID: CVE-2024-47671)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the usbtmc_create_urb() function in drivers/usb/class/usbtmc.c. A local user can perform a denial of service (DoS) attack.
46) Improper locking (CVE-ID: CVE-2024-47672)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iwl_mvm_flush_no_vif() and iwl_mvm_mac_flush() functions in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.
47) Security restrictions bypass (CVE-ID: CVE-2015-3290)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to security restrictions bypass within the entry() function in arch/x86/entry/entry_64.s. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.