Main Vulnerability Database SB2024070835

SB2024070835 - openEuler 22.03 LTS SP3 update for kernel

Published: July 8, 2024 Updated: March 14, 2025

Security Bulletin ID SB2024070835

Severity

Medium

Patch available

YES

Number of vulnerabilities 33

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 33 secuirty vulnerabilities.

1) Improper locking (CVE-ID: CVE-2023-52615)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.

2) Reachable assertion (CVE-ID: CVE-2023-52621)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

3) Improper locking (CVE-ID: CVE-2023-52623)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.

4) Use-after-free (CVE-ID: CVE-2023-52629)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the switch_drv_remove() function in arch/sh/drivers/push-switch.c. A local user can escalate privileges on the system.

5) Improper locking (CVE-ID: CVE-2023-52635)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.

6) Buffer overflow (CVE-ID: CVE-2023-52655)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the aqc111_rx_fixup() function in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.

7) NULL pointer dereference (CVE-ID: CVE-2023-52675)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.

8) Integer overflow (CVE-ID: CVE-2023-52676)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the check_ptr_to_map_access() and check_stack_access_within_bounds() functions in kernel/bpf/verifier.c. A local user can execute arbitrary code.

9) Buffer overflow (CVE-ID: CVE-2023-52685)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the persistent_ram_init_ecc() function in fs/pstore/ram_core.c. A local user can escalate privileges on the system.

10) Memory leak (CVE-ID: CVE-2023-52690)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the scom_debug_init_one() function in arch/powerpc/platforms/powernv/opal-xscom.c. A local user can perform a denial of service (DoS) attack.

11) Resource management error (CVE-ID: CVE-2023-52694)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the tpd12s015_probe() function in drivers/gpu/drm/bridge/ti-tpd12s015.c. A local user can perform a denial of service (DoS) attack.

12) Buffer overflow (CVE-ID: CVE-2024-26610)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

13) Resource management error (CVE-ID: CVE-2024-26661)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dcn21_set_abm_immediate_disable() function in drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c. A local user can perform a denial of service (DoS) attack.

14) Input validation error (CVE-ID: CVE-2024-26675)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

15) Improper locking (CVE-ID: CVE-2024-26686)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_task_stat() function in fs/proc/array.c. A local user can perform a denial of service (DoS) attack.

16) Out-of-bounds read (CVE-ID: CVE-2024-26702)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rm3100_common_probe() function in drivers/iio/magnetometer/rm3100-core.c. A local user can perform a denial of service (DoS) attack.

17) Buffer overflow (CVE-ID: CVE-2024-26712)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the kasan_init_region() function in arch/powerpc/mm/kasan/kasan_init_32.c. A local user can perform a denial of service (DoS) attack.

18) Memory leak (CVE-ID: CVE-2024-26825)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

19) Out-of-bounds read (CVE-ID: CVE-2024-26851)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.

20) Memory leak (CVE-ID: CVE-2024-26900)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

21) Information disclosure (CVE-ID: CVE-2024-26901)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.

22) NULL pointer dereference (CVE-ID: CVE-2024-26903)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.

23) Improper locking (CVE-ID: CVE-2024-26923)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.

24) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2024-26926)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.

25) Reachable assertion (CVE-ID: CVE-2024-26937)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the gen11_emit_fini_breadcrumb_rcs() function in drivers/gpu/drm/i915/gt/intel_lrc.c, within the __engine_park() function in drivers/gpu/drm/i915/gt/intel_engine_pm.c. A local user can perform a denial of service (DoS) attack.

26) Use-after-free (CVE-ID: CVE-2024-27395)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovs_ct_limit_exit() function in net/openvswitch/conntrack.c. A local user can escalate privileges on the system.

27) Use-after-free (CVE-ID: CVE-2024-27396)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

28) Use-after-free (CVE-ID: CVE-2024-27398)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

29) Use of uninitialized resource (CVE-ID: CVE-2024-27431)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the cpu_map_bpf_prog_run_xdp() function in kernel/bpf/cpumap.c. A local user can perform a denial of service (DoS) attack.

30) Use-after-free (CVE-ID: CVE-2024-35791)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the svm_register_enc_region() function in arch/x86/kvm/svm/sev.c. A local user can escalate privileges on the system.

31) Input validation error (CVE-ID: CVE-2024-35845)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.

32) Information disclosure (CVE-ID: CVE-2024-35849)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.

33) NULL pointer dereference (CVE-ID: CVE-2024-35943)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the omap_prm_domain_init() function in drivers/pmdomain/ti/omap_prm.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1650

Vulnerable Software

openEuler: 22.03 LTS SP3
kernel-debugsource: before 5.10.0-200.0.0.113
perf-debuginfo: before 5.10.0-200.0.0.113
kernel-tools: before 5.10.0-200.0.0.113
perf: before 5.10.0-200.0.0.113
kernel-debuginfo: before 5.10.0-200.0.0.113
kernel-tools-debuginfo: before 5.10.0-200.0.0.113
python3-perf-debuginfo: before 5.10.0-200.0.0.113
kernel-tools-devel: before 5.10.0-200.0.0.113
kernel-devel: before 5.10.0-200.0.0.113
python3-perf: before 5.10.0-200.0.0.113
kernel-headers: before 5.10.0-200.0.0.113
kernel-source: before 5.10.0-200.0.0.113
kernel: before 5.10.0-200.0.0.113

SB2024070835 - openEuler 22.03 LTS SP3 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human