Main Vulnerability Database SB2024112267

SB2024112267 - openEuler 24.03 LTS update for kernel

Published: November 22, 2024

Security Bulletin ID SB2024112267

Severity

Low

Patch available

YES

Number of vulnerabilities 37

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 37 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2024-26944)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_load_block_group_zone_info(), bitmap_free() and do_zone_finish() functions in fs/btrfs/zoned.c. A local user can escalate privileges on the system.

2) NULL pointer dereference (CVE-ID: CVE-2024-36011)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hci_le_big_sync_established_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

3) Improper locking (CVE-ID: CVE-2024-43835)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the virtnet_receive(), virtnet_poll_cleantx(), virtnet_poll() and virtnet_poll_tx() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

4) NULL pointer dereference (CVE-ID: CVE-2024-43911)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ieee80211_start_tx_ba_session() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2024-44989)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

6) Buffer overflow (CVE-ID: CVE-2024-45030)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igb_set_rx_buffer_len() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

7) Improper locking (CVE-ID: CVE-2024-46678)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bond_ipsec_add_sa(), bond_ipsec_add_sa_all(), bond_ipsec_del_sa(), bond_ipsec_del_sa_all(), bond_setup() and bond_uninit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2024-46763)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.

9) Improper error handling (CVE-ID: CVE-2024-46783)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.

10) Resource management error (CVE-ID: CVE-2024-46835)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gfx_v11_0_hw_init() function in drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c. A local user can perform a denial of service (DoS) attack.

11) Improper locking (CVE-ID: CVE-2024-47666)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pm8001_phy_control() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.

12) Use-after-free (CVE-ID: CVE-2024-47674)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remap_p4d_range() and remap_pfn_range_notrack() functions in mm/memory.c. A local user can escalate privileges on the system.

13) Out-of-bounds read (CVE-ID: CVE-2024-47723)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

14) Memory leak (CVE-ID: CVE-2024-47728)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the BPF_CALL_5() function in net/core/filter.c, within the BPF_CALL_4() function in kernel/bpf/syscall.c, within the BPF_CALL_4() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

15) Use-after-free (CVE-ID: CVE-2024-49945)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncsi_unregister_dev() function in net/ncsi/ncsi-manage.c. A local user can escalate privileges on the system.

16) Input validation error (CVE-ID: CVE-2024-50056)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the find_format_by_pix(), uvc_v4l2_try_format() and uvc_v4l2_enum_format() functions in drivers/usb/gadget/function/uvc_v4l2.c. A local user can perform a denial of service (DoS) attack.

17) Race condition (CVE-ID: CVE-2024-50061)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the cdns_i3c_master_remove() function in drivers/i3c/master/i3c-master-cdns.c. A local user can escalate privileges on the system.

18) Input validation error (CVE-ID: CVE-2024-50089)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfdicf_init() and main() functions in fs/unicode/mkutf8data.c. A local user can perform a denial of service (DoS) attack.

19) Improper locking (CVE-ID: CVE-2024-50099)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.

20) Out-of-bounds read (CVE-ID: CVE-2024-50115)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

21) Use-after-free (CVE-ID: CVE-2024-50124)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ISO_CONN_TIMEOUT(), iso_sock_timeout() and iso_conn_del() functions in net/bluetooth/iso.c. A local user can escalate privileges on the system.

22) Improper locking (CVE-ID: CVE-2024-50138)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bpf_ringbuf_alloc() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

23) Out-of-bounds read (CVE-ID: CVE-2024-50151)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

24) Use-after-free (CVE-ID: CVE-2024-50153)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the target_alloc_device() function in drivers/target/target_core_device.c. A local user can escalate privileges on the system.

25) Buffer overflow (CVE-ID: CVE-2024-50180)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

26) Resource management error (CVE-ID: CVE-2024-50193)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the SYM_CODE_START() function in arch/x86/entry/entry_32.S. A local user can perform a denial of service (DoS) attack.

27) NULL pointer dereference (CVE-ID: CVE-2024-50198)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.

28) Input validation error (CVE-ID: CVE-2024-50202)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nilfs_lookup(), nilfs_do_unlink(), nilfs_rename() and nilfs_get_parent() functions in fs/nilfs2/namei.c, within the nilfs_readdir(), nilfs_find_entry() and nilfs_inode_by_name() functions in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

29) Double free (CVE-ID: CVE-2024-50215)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvmet_setup_dhgroup() function in drivers/nvme/target/auth.c. A local user can perform a denial of service (DoS) attack.

30) Use of uninitialized resource (CVE-ID: CVE-2024-50237)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

31) Input validation error (CVE-ID: CVE-2024-50242)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ntfs_file_release() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.

32) Input validation error (CVE-ID: CVE-2024-50243)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ni_find_attr() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.

33) Use of uninitialized resource (CVE-ID: CVE-2024-50244)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ni_clear() function in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.

34) Improper locking (CVE-ID: CVE-2024-50245)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ntfs_lookup() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.

35) Buffer overflow (CVE-ID: CVE-2024-50246)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.

36) Out-of-bounds read (CVE-ID: CVE-2024-50247)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decompress_chunk() function in fs/ntfs3/lznt.c. A local user can perform a denial of service (DoS) attack.

37) Buffer overflow (CVE-ID: CVE-2024-50250)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dax_unshare_iter() function in fs/dax.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2446

Vulnerable Software

openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-55.0.0.58
python3-perf: before 6.6.0-55.0.0.58
perf-debuginfo: before 6.6.0-55.0.0.58
perf: before 6.6.0-55.0.0.58
kernel-tools-devel: before 6.6.0-55.0.0.58
kernel-tools-debuginfo: before 6.6.0-55.0.0.58
kernel-tools: before 6.6.0-55.0.0.58
kernel-source: before 6.6.0-55.0.0.58
kernel-headers: before 6.6.0-55.0.0.58
kernel-devel: before 6.6.0-55.0.0.58
kernel-debugsource: before 6.6.0-55.0.0.58
kernel-debuginfo: before 6.6.0-55.0.0.58
bpftool-debuginfo: before 6.6.0-55.0.0.58
bpftool: before 6.6.0-55.0.0.58
kernel: before 6.6.0-55.0.0.58

SB2024112267 - openEuler 24.03 LTS update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human