Main Vulnerability Database SB2025011765

SB2025011765 - openEuler 22.03 LTS SP3 update for kernel

Published: January 17, 2025

Security Bulletin ID SB2025011765

Severity

Low

Patch available

YES

Number of vulnerabilities 14

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 14 secuirty vulnerabilities.

1) Improper locking (CVE-ID: CVE-2024-26891)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the devtlb_invalidation_with_pasid() function in drivers/iommu/intel/pasid.c. A local user can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2024-50199)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unuse_mm() function in mm/swapfile.c. A local user can escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2024-53171)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the get_znodes_to_commit() function in fs/ubifs/tnc_commit.c. A local user can escalate privileges on the system.

4) Improper locking (CVE-ID: CVE-2024-53190)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the efuse_write_1byte() and read_efuse_byte() functions in drivers/net/wireless/realtek/rtlwifi/efuse.c. A local user can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2024-53237)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __match_tty() and hci_conn_del_sysfs() functions in net/bluetooth/hci_sysfs.c. A local user can escalate privileges on the system.

6) Use-after-free (CVE-ID: CVE-2024-53239)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.

7) Division by zero (CVE-ID: CVE-2024-56567)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad7780_write_raw() function in drivers/iio/adc/ad7780.c. A local user can perform a denial of service (DoS) attack.

8) Out-of-bounds read (CVE-ID: CVE-2024-56595)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

9) Out-of-bounds read (CVE-ID: CVE-2024-56597)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

10) Use-after-free (CVE-ID: CVE-2024-56631)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sg_release() function in drivers/scsi/sg.c. A local user can escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2024-56633)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sock_put() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.

12) Out-of-bounds read (CVE-ID: CVE-2024-56662)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.

13) Improper locking (CVE-ID: CVE-2024-56701)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dtl_worker_enable() and dtl_worker_disable() functions in arch/powerpc/platforms/pseries/lpar.c, within the dtl_enable() and dtl_disable() functions in arch/powerpc/platforms/pseries/dtl.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2024-56759)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_force_cow_block() and btrfs_cow_block() functions in fs/btrfs/ctree.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1066

Vulnerable Software

openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-246.0.0.148
python3-perf: before 5.10.0-246.0.0.148
perf-debuginfo: before 5.10.0-246.0.0.148
perf: before 5.10.0-246.0.0.148
kernel-tools-devel: before 5.10.0-246.0.0.148
kernel-tools-debuginfo: before 5.10.0-246.0.0.148
kernel-tools: before 5.10.0-246.0.0.148
kernel-source: before 5.10.0-246.0.0.148
kernel-headers: before 5.10.0-246.0.0.148
kernel-devel: before 5.10.0-246.0.0.148
kernel-debugsource: before 5.10.0-246.0.0.148
kernel-debuginfo: before 5.10.0-246.0.0.148
kernel: before 5.10.0-246.0.0.148

SB2025011765 - openEuler 22.03 LTS SP3 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human