Main Vulnerability Database SB2024072120

SB2024072120 - openEuler 24.03 LTS update for kernel

Published: July 21, 2024

Security Bulletin ID SB2024072120

Severity

Low

Patch available

YES

Number of vulnerabilities 46

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 46 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2022-48772)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2024-31076)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.

3) NULL pointer dereference (CVE-ID: CVE-2024-36489)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.

4) Improper locking (CVE-ID: CVE-2024-36949)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.

5) Race condition (CVE-ID: CVE-2024-36952)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.

6) Improper locking (CVE-ID: CVE-2024-36962)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ks8851_dbg_dumpkkt(), ks8851_rx_pkts() and ks8851_irq() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.

7) Buffer overflow (CVE-ID: CVE-2024-36965)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scp_elf_read_ipi_buf_addr() and scp_ipi_init() functions in drivers/remoteproc/mtk_scp.c. A local user can escalate privileges on the system.

8) Resource management error (CVE-ID: CVE-2024-37353)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.

9) Race condition (CVE-ID: CVE-2024-37354)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

10) Out-of-bounds read (CVE-ID: CVE-2024-37356)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.

11) NULL pointer dereference (CVE-ID: CVE-2024-38551)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the set_card_codec_info() function in sound/soc/mediatek/common/mtk-soundcard-driver.c. A local user can perform a denial of service (DoS) attack.

12) Out-of-bounds read (CVE-ID: CVE-2024-38552)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

13) Memory leak (CVE-ID: CVE-2024-38554)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2024-38555)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.

15) Out-of-bounds read (CVE-ID: CVE-2024-38562)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nl80211_trigger_scan() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

16) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-38564)

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to improper checks within with bpf_prog_attach_check_attach_type() function in kernel/bpf/syscall.c. A local user can bypass certain security restrictions.

17) Buffer overflow (CVE-ID: CVE-2024-38577)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kernel/rcu/tasks.h. A local user can escalate privileges on the system.

18) Buffer overflow (CVE-ID: CVE-2024-38579)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.

19) Improper locking (CVE-ID: CVE-2024-38582)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

20) Use-after-free (CVE-ID: CVE-2024-38588)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.

21) Out-of-bounds read (CVE-ID: CVE-2024-38598)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

22) Out-of-bounds read (CVE-ID: CVE-2024-38599)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.

23) Memory leak (CVE-ID: CVE-2024-38602)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_addr_ax25dev(), ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.

24) Resource management error (CVE-ID: CVE-2024-38604)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the blkdev_iomap_begin() function in block/fops.c. A local user can perform a denial of service (DoS) attack.

25) Use-after-free (CVE-ID: CVE-2024-38610)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the acrn_vm_memseg_unmap() and acrn_vm_ram_map() functions in drivers/virt/acrn/mm.c. A local user can escalate privileges on the system.

26) NULL pointer dereference (CVE-ID: CVE-2024-38622)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dpu_core_irq_callback_handler() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c. A local user can perform a denial of service (DoS) attack.

27) Buffer overflow (CVE-ID: CVE-2024-38623)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the fs/ntfs3/ntfs.h. A local user can perform a denial of service (DoS) attack.

28) Integer overflow (CVE-ID: CVE-2024-38624)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the log_read_rst() function in fs/ntfs3/fslog.c. A local user can execute arbitrary code.

29) NULL pointer dereference (CVE-ID: CVE-2024-38625)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ntfs_get_block_vbo() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.

30) Improper locking (CVE-ID: CVE-2024-38628)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the free_ep_fback(), u_audio_set_volume(), u_audio_set_mute() and g_audio_setup() functions in drivers/usb/gadget/function/u_audio.c. A local user can perform a denial of service (DoS) attack.

31) Use-after-free (CVE-ID: CVE-2024-38629)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the idxd_wq_del_cdev() function in drivers/dma/idxd/cdev.c. A local user can escalate privileges on the system.

32) Use-after-free (CVE-ID: CVE-2024-38630)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.

33) Improper locking (CVE-ID: CVE-2024-38634)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

34) NULL pointer dereference (CVE-ID: CVE-2024-38637)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.

35) Improper locking (CVE-ID: CVE-2024-38662)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

36) Improper locking (CVE-ID: CVE-2024-38664)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the zynqmp_dpsub_probe() and zynqmp_dpsub_remove() functions in drivers/gpu/drm/xlnx/zynqmp_dpsub.c. A local user can perform a denial of service (DoS) attack.

37) Improper locking (CVE-ID: CVE-2024-38780)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.

38) Resource management error (CVE-ID: CVE-2024-39296)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bonding_init() and bonding_exit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

39) Use of uninitialized resource (CVE-ID: CVE-2024-39301)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.

40) Improper locking (CVE-ID: CVE-2024-39362)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i2c_acpi_find_client_by_adev() and i2c_acpi_notify() functions in drivers/i2c/i2c-core-acpi.c. A local user can perform a denial of service (DoS) attack.

41) NULL pointer dereference (CVE-ID: CVE-2024-39371)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the io_ring_buffer_select() function in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.

42) Out-of-bounds read (CVE-ID: CVE-2024-39461)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the raspberrypi_discover_clocks() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.

43) NULL pointer dereference (CVE-ID: CVE-2024-39466)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lmh_probe() function in drivers/thermal/qcom/lmh.c. A local user can perform a denial of service (DoS) attack.

44) Out-of-bounds read (CVE-ID: CVE-2024-39467)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

45) Improper locking (CVE-ID: CVE-2024-39468)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smb2_find_smb_tcon() function in fs/smb/client/smb2transport.c. A local user can perform a denial of service (DoS) attack.

46) NULL pointer dereference (CVE-ID: CVE-2024-39470)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the eventfs_find_events() function in fs/tracefs/event_inode.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1836

Vulnerable Software

openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-33.0.0.40
python3-perf: before 6.6.0-33.0.0.40
perf-debuginfo: before 6.6.0-33.0.0.40
perf: before 6.6.0-33.0.0.40
kernel-tools-devel: before 6.6.0-33.0.0.40
kernel-tools-debuginfo: before 6.6.0-33.0.0.40
kernel-tools: before 6.6.0-33.0.0.40
kernel-source: before 6.6.0-33.0.0.40
kernel-headers: before 6.6.0-33.0.0.40
kernel-devel: before 6.6.0-33.0.0.40
kernel-debugsource: before 6.6.0-33.0.0.40
kernel-debuginfo: before 6.6.0-33.0.0.40
bpftool-debuginfo: before 6.6.0-33.0.0.40
bpftool: before 6.6.0-33.0.0.40
kernel: before 6.6.0-33.0.0.40

SB2024072120 - openEuler 24.03 LTS update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human