SB2024070204 - openEuler 22.03 LTS SP3 update for kernel
Published: July 2, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 vulnerabilities.
1) Improper locking (CVE-ID: CVE-2021-47469)
CWE-ID: CWE-667 - Improper Locking
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the LIST_HEAD(), spi_add_device(), spi_add_device_locked(), spi_register_controller() and spi_unregister_controller() functions in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.
2) Memory leak (CVE-ID: CVE-2023-39180)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak when handling SMB2_READ commands in ksmbd. A remote attacker can force the application to leak memory and perform denial of service attack.
3) NULL pointer dereference (CVE-ID: CVE-2023-52853)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cp2112_gpio_irq_startup() and cp2112_probe() functions in drivers/hid/hid-cp2112.c. A local user can perform a denial of service (DoS) attack.
4) Use-after-free (CVE-ID: CVE-2024-26592)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a race condition when handling TCP connect and disconnect events within the ksmbd_tcp_new_connection() function in
ksmbd. A remote non-authenticated attacker can trigger a use-after-free error and crash the kernel or execute arbitrary code on the system.
5) Improper locking (CVE-ID: CVE-2024-26925)
CWE-ID: CWE-667 - Improper Locking
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
6) Improper locking (CVE-ID: CVE-2024-27053)
CWE-ID: CWE-667 - Improper Locking
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wilc_parse_join_bss_param() function in drivers/staging/wilc1000/wilc_hif.c. A local user can perform a denial of service (DoS) attack.
7) Resource management error (CVE-ID: CVE-2024-35830)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2024-35902)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2024-35955)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.
10) Improper error handling (CVE-ID: CVE-2024-36950)
CWE-ID: CWE-388 - Error Handling
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.
11) Division by zero (CVE-ID: CVE-2024-36969)
CWE-ID: CWE-369 - Divide By Zero
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the setup_dsc_config() function in drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c. A local user can perform a denial of service (DoS) attack.
12) Out-of-bounds read (CVE-ID: CVE-2024-36978)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.
13) Use-after-free (CVE-ID: CVE-2024-38545)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.
14) Use-after-free (CVE-ID: CVE-2024-38588)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
15) Improper locking (CVE-ID: CVE-2024-38591)
CWE-ID: CWE-667 - Improper Locking
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the alloc_srqc() and free_srqc() functions in drivers/infiniband/hw/hns/hns_roce_srq.c. A local user can perform a denial of service (DoS) attack.
16) Race condition within a thread (CVE-ID: CVE-2024-38596)
CWE-ID: CWE-366 - Race Condition within a Thread
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
17) Infinite loop (CVE-ID: CVE-2024-38601)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.