Main Vulnerability Database SB2024102555

SB2024102555 - openEuler 22.03 LTS SP1 update for kernel

Published: October 25, 2024

Security Bulletin ID SB2024102555

Severity

Medium

Patch available

YES

Number of vulnerabilities 29

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 29 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2021-47484)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nix_free_tx_vtag_entries() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c, within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.

2) Spoofing attack (CVE-ID: CVE-2023-52881)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.

3) Race condition (CVE-ID: CVE-2024-27030)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.

4) Memory leak (CVE-ID: CVE-2024-27074)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.

5) Integer underflow (CVE-ID: CVE-2024-27403)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the flow_offload_dst_cookie() and nft_flow_dst_release() functions in net/netfilter/nf_flow_table_core.c. A local user can execute arbitrary code.

6) Use-after-free (CVE-ID: CVE-2024-35789)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

7) Memory leak (CVE-ID: CVE-2024-35829)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lima_heap_alloc() function in drivers/gpu/drm/lima/lima_gem.c. A local user can perform a denial of service (DoS) attack.

8) Memory leak (CVE-ID: CVE-2024-35871)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __asm__() and copy_thread() functions in arch/riscv/kernel/process.c. A local user can perform a denial of service (DoS) attack.

9) Resource management error (CVE-ID: CVE-2024-36004)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

10) Incorrect calculation (CVE-ID: CVE-2024-36007)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the mlxsw_sp_acl_tcam_vregion_rehash_work(), mlxsw_sp_acl_tcam_rehash_ctx_vregion_changed(), mlxsw_sp_acl_tcam_vchunk_migrate_end(), mlxsw_sp_acl_tcam_vchunk_migrate_one(), mlxsw_sp_acl_tcam_vregion_migrate() and mlxsw_sp_acl_tcam_vregion_rehash_start() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

11) Resource management error (CVE-ID: CVE-2024-36244)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

12) NULL pointer dereference (CVE-ID: CVE-2024-38608)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2024-38612)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the IS_ENABLED() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.

14) Use-after-free (CVE-ID: CVE-2024-39495)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.

15) Use-after-free (CVE-ID: CVE-2024-40958)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.

16) NULL pointer dereference (CVE-ID: CVE-2024-42289)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.

17) Resource management error (CVE-ID: CVE-2024-42321)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __skb_flow_dissect() function in net/core/flow_dissector.c. A local user can perform a denial of service (DoS) attack.

18) Resource management error (CVE-ID: CVE-2024-43880)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.

19) Memory leak (CVE-ID: CVE-2024-44931)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

20) Improper locking (CVE-ID: CVE-2024-44952)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c, within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

21) NULL pointer dereference (CVE-ID: CVE-2024-44989)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

22) NULL pointer dereference (CVE-ID: CVE-2024-44990)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

23) Use of uninitialized resource (CVE-ID: CVE-2024-45018)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.

24) Input validation error (CVE-ID: CVE-2024-46716)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the msgdma_free_descriptor() and msgdma_chan_desc_cleanup() functions in drivers/dma/altera-msgdma.c. A local user can perform a denial of service (DoS) attack.

25) Resource management error (CVE-ID: CVE-2024-46817)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

26) NULL pointer dereference (CVE-ID: CVE-2024-46822)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.

27) Input validation error (CVE-ID: CVE-2024-46826)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.

28) Out-of-bounds read (CVE-ID: CVE-2024-46859)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DEVICE_ATTR_RW(), acpi_pcc_hotkey_resume() and acpi_pcc_hotkey_add() functions in drivers/platform/x86/panasonic-laptop.c. A local user can perform a denial of service (DoS) attack.

29) Buffer overflow (CVE-ID: CVE-2024-47661)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn21/dcn21_hwseq.c, within the dmub_abm_set_pipe() function in drivers/gpu/drm/amd/display/dc/dce/dmub_abm_lcd.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2295

Vulnerable Software

openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.98.0.179
python3-perf: before 5.10.0-136.98.0.179
perf-debuginfo: before 5.10.0-136.98.0.179
perf: before 5.10.0-136.98.0.179
kernel-tools-devel: before 5.10.0-136.98.0.179
kernel-tools-debuginfo: before 5.10.0-136.98.0.179
kernel-tools: before 5.10.0-136.98.0.179
kernel-source: before 5.10.0-136.98.0.179
kernel-headers: before 5.10.0-136.98.0.179
kernel-devel: before 5.10.0-136.98.0.179
kernel-debugsource: before 5.10.0-136.98.0.179
kernel-debuginfo: before 5.10.0-136.98.0.179
kernel: before 5.10.0-136.98.0.179

SB2024102555 - openEuler 22.03 LTS SP1 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human