Main Vulnerability Database SB2024070360

SB2024070360 - openEuler 20.03 LTS SP4 update for kernel

Published: July 3, 2024

Security Bulletin ID SB2024070360

Severity

Low

Patch available

YES

Number of vulnerabilities 48

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 48 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2021-47236)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the eem_tx_fixup() function in drivers/net/usb/cdc_eem.c. A local user can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2021-47254)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __acquires() and gfs2_scan_glock_lru() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.

3) Resource management error (CVE-ID: CVE-2021-47294)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nr_heartbeat_expiry(), nr_t2timer_expiry(), nr_t4timer_expiry(), nr_idletimer_expiry() and nr_t1timer_expiry() functions in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.

4) Information disclosure (CVE-ID: CVE-2021-47315)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_probe() and free_irq() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.

5) Use-after-free (CVE-ID: CVE-2021-47324)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sbc60xxwdt.c. A local user can escalate privileges on the system.

6) Information disclosure (CVE-ID: CVE-2021-47329)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the megasas_alloc_fusion_context() function in drivers/scsi/megaraid/megaraid_sas_fusion.c, within the megasas_probe_one() and megasas_release_fusion() functions in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can gain access to sensitive information.

7) Memory leak (CVE-ID: CVE-2021-47403)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ipoctal_port_activate() and ipoctal_cleanup() functions in drivers/ipack/devices/ipoctal.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2021-47409)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc2_hcd_init() function in drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.

9) Use of uninitialized resource (CVE-ID: CVE-2021-47424)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the i40e_clear_interrupt_scheme() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

10) Buffer overflow (CVE-ID: CVE-2021-47460)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.

11) Input validation error (CVE-ID: CVE-2021-47476)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sizeof() and ni6501_find_endpoints() functions in drivers/staging/comedi/drivers/ni_usb6501.c. A local user can perform a denial of service (DoS) attack.

12) Out-of-bounds read (CVE-ID: CVE-2021-47478)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the isofs_read_inode() function in fs/isofs/inode.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2021-47479)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the r871xu_dev_remove() function in drivers/staging/rtl8712/usb_intf.c. A local user can escalate privileges on the system.

14) Memory leak (CVE-ID: CVE-2021-47499)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kxcjk1013_probe() and kxcjk1013_remove() functions in drivers/iio/accel/kxcjk-1013.c. A local user can perform a denial of service (DoS) attack.

15) Buffer overflow (CVE-ID: CVE-2021-47511)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the snd_pcm_hw_param_value_min() and snd_pcm_oss_period_size() functions in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.

16) NULL pointer dereference (CVE-ID: CVE-2021-47518)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_ses_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.

17) Information disclosure (CVE-ID: CVE-2021-47538)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the rxrpc_create_peer(), rxrpc_lookup_peer(), __rxrpc_put_peer() and rxrpc_put_peer_locked() functions in net/rxrpc/peer_object.c. A local user can gain access to sensitive information.

18) Use-after-free (CVE-ID: CVE-2021-47541)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx4_en_try_alloc_resources() function in drivers/net/ethernet/mellanox/mlx4/en_netdev.c. A local user can escalate privileges on the system.

19) NULL pointer dereference (CVE-ID: CVE-2021-47542)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qlcnic_83xx_add_rings() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c. A local user can perform a denial of service (DoS) attack.

20) Memory leak (CVE-ID: CVE-2021-47543)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fetch_kernel_version() function in tools/perf/util/util.c, within the report__browse_hists() function in tools/perf/builtin-report.c. A local user can perform a denial of service (DoS) attack.

21) Buffer overflow (CVE-ID: CVE-2021-47544)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the include/net/sock.h. A local user can perform a denial of service (DoS) attack.

22) Out-of-bounds read (CVE-ID: CVE-2021-47547)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mii_get_phy() function in drivers/net/ethernet/dec/tulip/de4x5.c. A local user can perform a denial of service (DoS) attack.

23) NULL pointer dereference (CVE-ID: CVE-2023-52686)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.

24) Out-of-bounds read (CVE-ID: CVE-2023-52705)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_load_super_block() function in fs/nilfs2/the_nilfs.c, within the nilfs_resize_fs() function in fs/nilfs2/super.c, within the nilfs_ioctl_set_alloc_range() function in fs/nilfs2/ioctl.c. A local user can perform a denial of service (DoS) attack.

25) NULL pointer dereference (CVE-ID: CVE-2023-52753)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dc_stream_get_vblank_counter() and dc_stream_get_scanoutpos() functions in drivers/gpu/drm/amd/display/dc/core/dc_stream.c. A local user can perform a denial of service (DoS) attack.

26) Input validation error (CVE-ID: CVE-2023-52754)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the imon_probe() function in drivers/media/rc/imon.c. A local user can perform a denial of service (DoS) attack.

27) Buffer overflow (CVE-ID: CVE-2023-52756)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the include/linux/pwm.h. A local user can escalate privileges on the system.

28) Improper locking (CVE-ID: CVE-2023-52774)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dasd_profile_start() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

29) Use-after-free (CVE-ID: CVE-2023-52803)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.

30) Buffer overflow (CVE-ID: CVE-2023-52864)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.

31) NULL pointer dereference (CVE-ID: CVE-2023-52865)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early() and mtk_infrasys_init() functions in drivers/clk/mediatek/clk-mt6797.c. A local user can perform a denial of service (DoS) attack.

32) Buffer overflow (CVE-ID: CVE-2023-52871)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the qcom_llcc_probe() function in drivers/soc/qcom/llcc-qcom.c. A local user can perform a denial of service (DoS) attack.

33) Buffer overflow (CVE-ID: CVE-2024-27413)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.

34) Improper error handling (CVE-ID: CVE-2024-35809)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.

35) Use-after-free (CVE-ID: CVE-2024-35811)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.

36) Use of uninitialized resource (CVE-ID: CVE-2024-35888)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.

37) Out-of-bounds read (CVE-ID: CVE-2024-35896)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.

38) NULL pointer dereference (CVE-ID: CVE-2024-35984)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.

39) Out-of-bounds read (CVE-ID: CVE-2024-36017)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.

40) Resource management error (CVE-ID: CVE-2024-36029)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sdhci_msm_runtime_suspend() and sdhci_msm_runtime_resume() functions in drivers/mmc/host/sdhci-msm.c. A local user can perform a denial of service (DoS) attack.

41) Out-of-bounds read (CVE-ID: CVE-2024-36883)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.

42) NULL pointer dereference (CVE-ID: CVE-2024-36902)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.

43) Use of uninitialized resource (CVE-ID: CVE-2024-36903)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __ip6_make_skb() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

44) Buffer overflow (CVE-ID: CVE-2024-36917)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.

45) Improper locking (CVE-ID: CVE-2024-36924)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.

46) Memory leak (CVE-ID: CVE-2024-36954)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.

47) Improper privilege management (CVE-ID: CVE-2024-36964)

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.

48) Use-after-free (CVE-ID: CVE-2023-47233)

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1705

Vulnerable Software

openEuler: 20.03 LTS SP4
perf-debuginfo: before 4.19.90-2406.2.0.0281
python2-perf-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf: before 4.19.90-2406.2.0.0281
kernel-tools-debuginfo: before 4.19.90-2406.2.0.0281
python3-perf-debuginfo: before 4.19.90-2406.2.0.0281
kernel-debuginfo: before 4.19.90-2406.2.0.0281
bpftool-debuginfo: before 4.19.90-2406.2.0.0281
kernel-source: before 4.19.90-2406.2.0.0281
kernel-debugsource: before 4.19.90-2406.2.0.0281
perf: before 4.19.90-2406.2.0.0281
kernel-tools-devel: before 4.19.90-2406.2.0.0281
kernel-devel: before 4.19.90-2406.2.0.0281
bpftool: before 4.19.90-2406.2.0.0281
kernel-tools: before 4.19.90-2406.2.0.0281
python2-perf: before 4.19.90-2406.2.0.0281
kernel: before 4.19.90-2406.2.0.0281

SB2024070360 - openEuler 20.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human