SB2024070836 - openEuler 20.03 LTS SP1 update for kernel

Description

This security bulletin contains information about 16 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2022-48636)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dasd_alias_remove_device() and dasd_alias_get_start_dev() functions in drivers/s390/block/dasd_alias.c. A local user can perform a denial of service (DoS) attack.

2) Improper locking (CVE-ID: CVE-2022-48664)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the close_ctree() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

3) NULL pointer dereference (CVE-ID: CVE-2023-52675)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.

4) Buffer overflow (CVE-ID: CVE-2023-52685)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the persistent_ram_init_ecc() function in fs/pstore/ram_core.c. A local user can escalate privileges on the system.

5) Memory leak (CVE-ID: CVE-2024-26825)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

6) Out-of-bounds read (CVE-ID: CVE-2024-26851)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.

7) Use-after-free (CVE-ID: CVE-2024-26865)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_purge() function in net/ipv4/tcp_minisocks.c. A local user can escalate privileges on the system.

8) Information disclosure (CVE-ID: CVE-2024-26901)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.

9) NULL pointer dereference (CVE-ID: CVE-2024-26903)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.

10) Integer underflow (CVE-ID: CVE-2024-26921)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nf_ct_frag6_queue() and nf_ct_frag6_gather() functions in net/ipv6/netfilter/nf_conntrack_reasm.c, within the ip_frag_queue() and ip_defrag() functions in net/ipv4/ip_fragment.c, within the FRAG_CB(), inet_frag_queue_insert(), inet_frag_reasm_prepare(), EXPORT_SYMBOL() and inet_frag_reasm_finish() functions in net/ipv4/inet_fragment.c. A local user can execute arbitrary code.

11) Improper locking (CVE-ID: CVE-2024-26923)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.

12) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2024-26926)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.

13) Use-after-free (CVE-ID: CVE-2024-27395)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovs_ct_limit_exit() function in net/openvswitch/conntrack.c. A local user can escalate privileges on the system.

14) Use-after-free (CVE-ID: CVE-2024-27396)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

15) Use-after-free (CVE-ID: CVE-2024-27398)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

16) Information disclosure (CVE-ID: CVE-2024-35849)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1651