Main Vulnerability Database SB2025011047

SB2025011047 - openEuler 24.03 LTS update for kernel

Published: January 10, 2025 Updated: March 3, 2025

Security Bulletin ID SB2025011047

Severity

Low

Patch available

YES

Number of vulnerabilities 64

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 64 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2022-49034)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the show_cpuinfo() function in arch/sh/kernel/cpu/proc.c. A local user can perform a denial of service (DoS) attack.

2) Improper locking (CVE-ID: CVE-2024-46692)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the scm_get_wq_ctx() function in drivers/firmware/qcom_scm-smc.c. A local user can perform a denial of service (DoS) attack.

3) Incorrect calculation (CVE-ID: CVE-2024-46710)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the vmw_bo_map_and_cache_size() and vmw_bo_init() functions in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can perform a denial of service (DoS) attack.

4) Improper locking (CVE-ID: CVE-2024-46762)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), irqfd_shutdown() and privcmd_irqfd_assign() functions in drivers/xen/privcmd.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2024-49906)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2024-50069)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the apple_gpio_pinctrl_probe() function in drivers/pinctrl/pinctrl-apple-gpio.c. A local user can perform a denial of service (DoS) attack.

7) Input validation error (CVE-ID: CVE-2024-50075)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tegra_xusb_enter_elpg() function in drivers/usb/host/xhci-tegra.c. A local user can perform a denial of service (DoS) attack.

8) Reachable assertion (CVE-ID: CVE-2024-50185)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the skb_is_fully_mapped() function in net/mptcp/subflow.c, within the mptcp_check_data_fin() and __mptcp_move_skbs_from_subflow() functions in net/mptcp/protocol.c, within the SNMP_MIB_ITEM() function in net/mptcp/mib.c. A local user can perform a denial of service (DoS) attack.

9) Division by zero (CVE-ID: CVE-2024-50233)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.

10) Integer overflow (CVE-ID: CVE-2024-53081)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the calc_pll() function in drivers/media/i2c/ar0521.c. A local user can execute arbitrary code.

11) Memory leak (CVE-ID: CVE-2024-53088)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the i40e_count_filters(), i40e_correct_mac_vlan_filters(), i40e_correct_vf_mac_vlan_filters(), i40e_aqc_broadcast_filter() and i40e_sync_vsi_filters() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

12) NULL pointer dereference (CVE-ID: CVE-2024-53103)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hvs_destruct() function in net/vmw_vsock/hyperv_transport.c. A local user can perform a denial of service (DoS) attack.

13) Input validation error (CVE-ID: CVE-2024-53114)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the init_amd_zen4() function in arch/x86/kernel/cpu/amd.c. A local user can perform a denial of service (DoS) attack.

14) Buffer overflow (CVE-ID: CVE-2024-53126)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the psnet_open_pf_bar() function in drivers/vdpa/solidrun/snet_main.c. A local user can perform a denial of service (DoS) attack.

15) Buffer overflow (CVE-ID: CVE-2024-53127)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dw_mci_init_slot() function in drivers/mmc/host/dw_mmc.c. A local user can perform a denial of service (DoS) attack.

16) Input validation error (CVE-ID: CVE-2024-53134)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the imx93_blk_ctrl_remove() function in drivers/pmdomain/imx/imx93-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.

17) Improper locking (CVE-ID: CVE-2024-53136)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shmem_getattr() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.

18) Integer overflow (CVE-ID: CVE-2024-53146)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the decode_cb_compound4res() function in fs/nfsd/nfs4callback.c. A local user can execute arbitrary code.

19) Out-of-bounds read (CVE-ID: CVE-2024-53147)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the exfat_find() function in fs/exfat/namei.c. A local user can perform a denial of service (DoS) attack.

20) Integer overflow (CVE-ID: CVE-2024-53151)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the xdr_check_write_chunk() function in net/sunrpc/xprtrdma/svc_rdma_recvfrom.c. A local user can execute arbitrary code.

21) NULL pointer dereference (CVE-ID: CVE-2024-53154)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the applnco_probe() function in drivers/clk/clk-apple-nco.c. A local user can perform a denial of service (DoS) attack.

22) Integer overflow (CVE-ID: CVE-2024-53161)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the bluefield_edac_check() function in drivers/edac/bluefield_edac.c. A local user can execute arbitrary code.

23) Off-by-one (CVE-ID: CVE-2024-53163)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the uof_get_name() function in drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c. A local user can perform a denial of service (DoS) attack.

24) Use-after-free (CVE-ID: CVE-2024-53165)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the register_intc_controller() function in drivers/sh/intc/core.c. A local user can escalate privileges on the system.

25) Use-after-free (CVE-ID: CVE-2024-53170)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the del_gendisk() function in block/genhd.c, within the blk_register_queue() function in block/blk-sysfs.c. A local user can escalate privileges on the system.

26) Use-after-free (CVE-ID: CVE-2024-53173)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

27) Use-after-free (CVE-ID: CVE-2024-53186)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the handle_ksmbd_work() function in fs/smb/server/server.c. A local user can escalate privileges on the system.

28) Out-of-bounds write (CVE-ID: CVE-2024-53197)

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to an out-of-bounds write error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited against Android devices.

29) Memory leak (CVE-ID: CVE-2024-53202)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fw_log_firmware_info() function in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

30) NULL pointer dereference (CVE-ID: CVE-2024-53217)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfsd4_process_cb_update() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.

31) NULL pointer dereference (CVE-ID: CVE-2024-53221)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_f2fs_fs(), f2fs_destroy_post_read_processing() and exit_f2fs_fs() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

32) Use-after-free (CVE-ID: CVE-2024-53227)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bfad_init() function in drivers/scsi/bfa/bfad.c. A local user can escalate privileges on the system.

33) NULL pointer dereference (CVE-ID: CVE-2024-53230)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cppc_get_cpu_cost() function in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.

34) Use-after-free (CVE-ID: CVE-2024-56538)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zynqmp_dpsub_drm_cleanup() function in drivers/gpu/drm/xlnx/zynqmp_kms.c. A local user can escalate privileges on the system.

35) Use-after-free (CVE-ID: CVE-2024-56548)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.

36) NULL pointer dereference (CVE-ID: CVE-2024-56569)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ftrace_mod_callback() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

37) NULL pointer dereference (CVE-ID: CVE-2024-56575)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mxc_jpeg_detach_pm_domains() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.

38) Improper error handling (CVE-ID: CVE-2024-56578)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mxc_jpeg_probe() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.

39) Use-after-free (CVE-ID: CVE-2024-56581)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_ref_tree_mod() function in fs/btrfs/ref-verify.c. A local user can escalate privileges on the system.

40) Use-after-free (CVE-ID: CVE-2024-56584)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the io_init_wq_offload() function in io_uring/tctx.c. A local user can escalate privileges on the system.

41) Out-of-bounds read (CVE-ID: CVE-2024-56598)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

42) Use-after-free (CVE-ID: CVE-2024-56604)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rfcomm_sock_alloc() function in net/bluetooth/rfcomm/sock.c. A local user can escalate privileges on the system.

43) Out-of-bounds read (CVE-ID: CVE-2024-56608)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dcn21_link_encoder_create() function in drivers/gpu/drm/amd/display/dc/resource/dcn21/dcn21_resource.c. A local user can perform a denial of service (DoS) attack.

44) Out-of-bounds read (CVE-ID: CVE-2024-56615)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dev_map_alloc(), dev_map_delete_elem() and dev_map_hash_delete_elem() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.

45) NULL pointer dereference (CVE-ID: CVE-2024-56620)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ufs_qcom_probe() function in drivers/ufs/host/ufs-qcom.c. A local user can perform a denial of service (DoS) attack.

46) Memory leak (CVE-ID: CVE-2024-56624)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the put_unused_fd() function in drivers/iommu/iommufd/fault.c. A local user can perform a denial of service (DoS) attack.

47) Out-of-bounds read (CVE-ID: CVE-2024-56627)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_read() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

48) NULL pointer dereference (CVE-ID: CVE-2024-56629)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the wacom_update_name() function in drivers/hid/wacom_sys.c. A local user can perform a denial of service (DoS) attack.

49) Improper error handling (CVE-ID: CVE-2024-56630)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ocfs2_get_init_inode() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.

50) Input validation error (CVE-ID: CVE-2024-56665)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the perf_event_detach_bpf_prog() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

51) Use-after-free (CVE-ID: CVE-2024-56675)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the perf_event_detach_bpf_prog() function in kernel/trace/bpf_trace.c. A local user can escalate privileges on the system.

52) Improper error handling (CVE-ID: CVE-2024-56681)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ahash_hmac_setkey() and ahash_hmac_init() functions in drivers/crypto/bcm/cipher.c. A local user can perform a denial of service (DoS) attack.

53) Input validation error (CVE-ID: CVE-2024-56683)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vc4_hdmi_debugfs_regs() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.

54) Input validation error (CVE-ID: CVE-2024-56692)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the truncate_node() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.

55) Use-after-free (CVE-ID: CVE-2024-56693)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __setup(), brd_alloc(), brd_cleanup() and brd_init() functions in drivers/block/brd.c. A local user can escalate privileges on the system.

56) NULL pointer dereference (CVE-ID: CVE-2024-56700)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fmc_send_cmd() function in drivers/media/radio/wl128x/fmdrv_common.c. A local user can perform a denial of service (DoS) attack.

57) NULL pointer dereference (CVE-ID: CVE-2024-56702)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the SEC() function in tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c, within the reg_btf_record(), check_ptr_to_btf_access(), check_mem_access(), check_func_arg(), btf_check_func_arg_match(), check_kfunc_args(), sanitize_check_bounds(), adjust_ptr_min_max_vals() and convert_ctx_accesses() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c. A local user can perform a denial of service (DoS) attack.

58) Buffer overflow (CVE-ID: CVE-2024-56708)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igen6_register_mci() and igen6_unregister_mcis() functions in drivers/edac/igen6_edac.c. A local user can perform a denial of service (DoS) attack.

59) Improper locking (CVE-ID: CVE-2024-56709)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_queue_iowq() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

60) Input validation error (CVE-ID: CVE-2024-56722)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the free_srqc() function in drivers/infiniband/hw/hns/hns_roce_srq.c, within the hns_roce_mr_free() function in drivers/infiniband/hw/hns/hns_roce_mr.c, within the set_rwqe_data_seg(), free_mr_modify_rsv_qp(), free_mr_post_send_lp_wqe(), free_mr_send_cmd_to_hw(), hns_roce_v2_set_abs_fields(), hns_roce_v2_modify_qp(), hns_roce_v2_query_qp(), hns_roce_v2_destroy_qp_common(), hns_roce_v2_destroy_qp(), hns_roce_v2_modify_cq() and hns_roce_v2_query_cqc() functions in drivers/infiniband/hw/hns/hns_roce_hw_v2.c, within the hns_roce_table_put() function in drivers/infiniband/hw/hns/hns_roce_hem.c, within the free_cqc() function in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can perform a denial of service (DoS) attack.

61) Memory leak (CVE-ID: CVE-2024-56741)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the policy_unpack_test_unpack_strdup_with_null_name(), policy_unpack_test_unpack_strdup_with_name() and policy_unpack_test_unpack_strdup_out_of_bounds() functions in security/apparmor/policy_unpack_test.c. A local user can perform a denial of service (DoS) attack.

62) Improper locking (CVE-ID: CVE-2024-56744)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the system_going_down() and f2fs_handle_critical_error() functions in fs/f2fs/super.c, within the f2fs_stop_checkpoint() function in fs/f2fs/checkpoint.c. A local user can perform a denial of service (DoS) attack.

63) Memory leak (CVE-ID: CVE-2024-56748)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qedf_alloc_and_init_sb() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.

64) Resource management error (CVE-ID: CVE-2024-56752)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the gf100_gr_chan_new() function in drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1036

Vulnerable Software

openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-73.0.0.65
python3-perf: before 6.6.0-73.0.0.65
perf-debuginfo: before 6.6.0-73.0.0.65
perf: before 6.6.0-73.0.0.65
kernel-tools-devel: before 6.6.0-73.0.0.65
kernel-tools-debuginfo: before 6.6.0-73.0.0.65
kernel-tools: before 6.6.0-73.0.0.65
kernel-source: before 6.6.0-73.0.0.65
kernel-headers: before 6.6.0-73.0.0.65
kernel-devel: before 6.6.0-73.0.0.65
kernel-debugsource: before 6.6.0-73.0.0.65
kernel-debuginfo: before 6.6.0-73.0.0.65
bpftool-debuginfo: before 6.6.0-73.0.0.65
bpftool: before 6.6.0-73.0.0.65
kernel: before 6.6.0-73.0.0.65

SB2025011047 - openEuler 24.03 LTS update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human