Main Vulnerability Database SB2024121358

SB2024121358 - openEuler 24.03 LTS update for kernel

Published: December 13, 2024 Updated: March 12, 2025

Security Bulletin ID SB2024121358

Severity

Low

Patch available

YES

Number of vulnerabilities 40

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 40 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2024-40927)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xhci_invalidate_cancelled_tds() and xhci_handle_cmd_set_deq() functions in drivers/usb/host/xhci-ring.c. A local user can escalate privileges on the system.

2) Out-of-bounds read (CVE-ID: CVE-2024-47697)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtl2830_pid_filter() function in drivers/media/dvb-frontends/rtl2830.c. A local user can perform a denial of service (DoS) attack.

3) Improper locking (CVE-ID: CVE-2024-47713)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_do_stop() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.

4) Resource management error (CVE-ID: CVE-2024-47738)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ieee80211_tx_h_rate_ctrl() function in net/mac80211/tx.c, within the ieee80211_send_scan_probe_req() function in net/mac80211/scan.c, within the ieee80211_get_tx_rates() function in net/mac80211/rate.c, within the ieee80211_mgmt_tx() function in net/mac80211/offchannel.c. A local user can perform a denial of service (DoS) attack.

5) Improper error handling (CVE-ID: CVE-2024-49897)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dcn32_add_phantom_pipes() function in drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c. A local user can perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2024-49923)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn21_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c, within the dcn20_fast_validate_bw() function in drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c. A local user can perform a denial of service (DoS) attack.

7) Input validation error (CVE-ID: CVE-2024-49977)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tc_setup_cbs() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.

8) Use-after-free (CVE-ID: CVE-2024-49991)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pqm_clean_queue_resource() function in drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c, within the kfd_process_destroy_pdds() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c, within the kfd_free_mqd_cp() function in drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager.c, within the deallocate_hiq_sdma_mqd() function in drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c, within the kfd_gtt_sa_fini() and kgd2kfd_device_exit() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c, within the kfd_ioctl_create_queue() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, within the amdgpu_amdkfd_free_gtt_mem() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can escalate privileges on the system.

9) Buffer overflow (CVE-ID: CVE-2024-49997)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ltq_etop_tx() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

10) NULL pointer dereference (CVE-ID: CVE-2024-50103)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the asoc_qcom_lpass_cpu_platform_probe() function in sound/soc/qcom/lpass-cpu.c. A local user can perform a denial of service (DoS) attack.

11) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-50112)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to speculative execution within the arch/x86/Kconfig. A local user can gain access to sensitive information.

12) Improper error handling (CVE-ID: CVE-2024-50116)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_forget_buffer() and nilfs_clear_dirty_page() functions in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

13) NULL pointer dereference (CVE-ID: CVE-2024-50117)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.

14) Buffer overflow (CVE-ID: CVE-2024-50134)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the hgsmi_update_pointer_shape() function in drivers/gpu/drm/vboxvideo/hgsmi_base.c. A local user can perform a denial of service (DoS) attack.

15) Use-after-free (CVE-ID: CVE-2024-50159)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the scmi_debugfs_common_setup() function in drivers/firmware/arm_scmi/driver.c. A local user can escalate privileges on the system.

16) Buffer overflow (CVE-ID: CVE-2024-50194)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.

17) Reachable assertion (CVE-ID: CVE-2024-50200)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the mte_node_or_none(), mas_wr_walk(), mas_wr_walk_index() and mas_wr_spanning_store() functions in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.

18) Improper locking (CVE-ID: CVE-2024-50210)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

19) NULL pointer dereference (CVE-ID: CVE-2024-50224)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dspi_setup() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.

20) NULL pointer dereference (CVE-ID: CVE-2024-50239)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qmp_usb_legacy_probe() function in drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c. A local user can perform a denial of service (DoS) attack.

21) Improper locking (CVE-ID: CVE-2024-50249)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the acpi_cppc_processor_probe() and cpc_write() functions in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.

22) Use-after-free (CVE-ID: CVE-2024-50257)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xt_find_table_lock() function in net/netfilter/x_tables.c. A local user can escalate privileges on the system.

23) Improper error handling (CVE-ID: CVE-2024-50263)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dup_mmap() and vma_iter_free() functions in kernel/fork.c. A local user can perform a denial of service (DoS) attack.

24) Use-after-free (CVE-ID: CVE-2024-50267)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the edge_bulk_out_data_callback() and edge_bulk_out_cmd_callback() functions in drivers/usb/serial/io_edgeport.c. A local user can escalate privileges on the system.

25) Out-of-bounds read (CVE-ID: CVE-2024-50268)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ucsi_ccg_update_set_new_cam_cmd() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can perform a denial of service (DoS) attack.

26) Out-of-bounds read (CVE-ID: CVE-2024-50279)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

27) Division by zero (CVE-ID: CVE-2024-50287)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

28) Integer underflow (CVE-ID: CVE-2024-50290)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the cx24116_read_snr_pct() function in drivers/media/dvb-frontends/cx24116.c. A local user can execute arbitrary code.

29) NULL pointer dereference (CVE-ID: CVE-2024-50292)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the stm32_spdifrx_remove() function in sound/soc/stm/stm32_spdifrx.c. A local user can perform a denial of service (DoS) attack.

30) Out-of-bounds read (CVE-ID: CVE-2024-50301)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.

31) Memory leak (CVE-ID: CVE-2024-50302)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild against Android devices.

32) Use-after-free (CVE-ID: CVE-2024-53057)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

33) Use-after-free (CVE-ID: CVE-2024-53068)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), __scmi_device_destroy() and __scmi_device_create() functions in drivers/firmware/arm_scmi/bus.c. A local user can escalate privileges on the system.

34) Resource management error (CVE-ID: CVE-2024-53072)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amd_pmc_s2d_init() function in drivers/platform/x86/amd/pmc.c. A local user can perform a denial of service (DoS) attack.

35) Input validation error (CVE-ID: CVE-2024-53082)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the virtnet_probe() function in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

36) Out-of-bounds write (CVE-ID: CVE-2024-53104)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

37) Buffer overflow (CVE-ID: CVE-2024-53110)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vp_vdpa_probe() function in drivers/vdpa/virtio_pci/vp_vdpa.c. A local user can perform a denial of service (DoS) attack.

38) Improper locking (CVE-ID: CVE-2024-53112)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_commit_trans() function in fs/ocfs2/resize.c. A local user can perform a denial of service (DoS) attack.

39) Resource management error (CVE-ID: CVE-2024-53125)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the find_equal_scalars() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

40) NULL pointer dereference (CVE-ID: CVE-2024-53130)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nilfs_grab_buffer() function in fs/nilfs2/page.c, within the nilfs_mdt_create_block() function in fs/nilfs2/mdt.c, within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c, within the nilfs_btnode_create_block() and nilfs_btnode_submit_block() functions in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2537

Vulnerable Software

openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-64.0.0.61
python3-perf: before 6.6.0-64.0.0.61
perf-debuginfo: before 6.6.0-64.0.0.61
perf: before 6.6.0-64.0.0.61
kernel-tools-devel: before 6.6.0-64.0.0.61
kernel-tools-debuginfo: before 6.6.0-64.0.0.61
kernel-tools: before 6.6.0-64.0.0.61
kernel-source: before 6.6.0-64.0.0.61
kernel-headers: before 6.6.0-64.0.0.61
kernel-devel: before 6.6.0-64.0.0.61
kernel-debugsource: before 6.6.0-64.0.0.61
kernel-debuginfo: before 6.6.0-64.0.0.61
bpftool-debuginfo: before 6.6.0-64.0.0.61
bpftool: before 6.6.0-64.0.0.61
kernel: before 6.6.0-64.0.0.61

SB2024121358 - openEuler 24.03 LTS update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human