Main Vulnerability Database SB2024070218

SB2024070218 - openEuler 22.03 LTS SP3 update for kernel

Published: July 2, 2024

Security Bulletin ID SB2024070218

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 13

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 13 vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2021-47182)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the scsi_mode_sense() function in drivers/scsi/scsi_lib.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

2) Memory leak (CVE-ID: CVE-2021-47199)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the parse_tc_nic_actions() and parse_tc_fdb_actions() functions in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c, within the mlx5_tc_ct_match_add(), mlx5_tc_ct_parse_action() and __mlx5_tc_ct_flow_offload_clear() functions in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.

3) NULL pointer dereference (CVE-ID: CVE-2021-47211)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the snd_usb_set_sample_rate_v2v3() function in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.

4) Race condition (CVE-ID: CVE-2023-52609)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.

5) Memory leak (CVE-ID: CVE-2023-52610)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.

6) Improper Initialization (CVE-ID: CVE-2023-52616)

CWE-ID: CWE-665 - Improper Initialization

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.

7) Buffer overflow (CVE-ID: CVE-2023-52618)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rnbd_srv_get_full_path() function in drivers/block/rnbd/rnbd-srv.c. A local user can perform a denial of service (DoS) attack.

8) Use of uninitialized resource (CVE-ID: CVE-2024-26635)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.

9) Input validation error (CVE-ID: CVE-2024-26636)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.

10) Resource management error (CVE-ID: CVE-2024-26640)

CWE-ID: CWE-399 - Resource Management Errors

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

11) Access of Uninitialized Pointer (CVE-ID: CVE-2024-26641)

CWE-ID: CWE-824 - Access of Uninitialized Pointer

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

12) Incorrect calculation (CVE-ID: CVE-2024-26752)

CWE-ID: CWE-682 - Incorrect Calculation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.

13) Off-by-one (CVE-ID: CVE-2024-26766)

CWE-ID: CWE-193 - Off-by-one Error

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an off-by-one error within the _pad_sdma_tx_descs() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can trigger an off-by-one error and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1566

Vulnerable Software

openEuler: 22.03 LTS SP3
kernel: before 5.10.0-198.0.0.111
kernel-source: before 5.10.0-198.0.0.111
kernel-debugsource: before 5.10.0-198.0.0.111
kernel-tools-devel: before 5.10.0-198.0.0.111
perf-debuginfo: before 5.10.0-198.0.0.111
python3-perf: before 5.10.0-198.0.0.111
kernel-debuginfo: before 5.10.0-198.0.0.111
kernel-devel: before 5.10.0-198.0.0.111
kernel-headers: before 5.10.0-198.0.0.111
python3-perf-debuginfo: before 5.10.0-198.0.0.111
kernel-tools-debuginfo: before 5.10.0-198.0.0.111
perf: before 5.10.0-198.0.0.111
kernel-tools: before 5.10.0-198.0.0.111

SB2024070218 - openEuler 22.03 LTS SP3 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human