SB2024050851 - openEuler 20.03 LTS SP1 update for kernel
Published: May 8, 2024 Updated: December 19, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2023-46838)
The vulnerability allows an unprivileged guest to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of network packets at the backend. An unprivileged guest can send zero-length packets to the OS kernel and perform a denial of service (DoS) attack.
2) Resource exhaustion (CVE-ID: CVE-2023-52340)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing very large ICMPv6 packets. A remote attacker can send a flood of IPv6 ICMP6 PTB messages, cause the high lock contention and increased CPU usage, leading to a denial of service.
Successful vulnerability exploitation requires a attacker to be on the local network or have a high bandwidth connection.
3) Use-after-free (CVE-ID: CVE-2024-1086)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Remediation
Install update from vendor's website.