SB2024090668 - openEuler 22.03 LTS SP1 update for kernel
Published: September 6, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 35 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2022-48811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_crq_queue(), __ibmvnic_open() and ibmvnic_open() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2022-48871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_tx_fifo_size() and qcom_geni_serial_port_setup() functions in drivers/tty/serial/qcom_geni_serial.c. A local user can perform a denial of service (DoS) attack.
3) Improper error handling (CVE-ID: CVE-2022-48875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the drv_ampdu_action() function in net/mac80211/driver-ops.c, within the ieee80211_tx_ba_session_handle_start() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2022-48877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_lookup_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
5) Improper locking (CVE-ID: CVE-2022-48891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the da9211_i2c_probe() function in drivers/regulator/da9211-regulator.c. A local user can perform a denial of service (DoS) attack.
6) NULL pointer dereference (CVE-ID: CVE-2023-52889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apparmor_socket_sock_rcv_skb() function in security/apparmor/lsm.c. A local user can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2023-52896)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_qgroup_rescan_worker() and mutex_unlock() functions in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2023-52899)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the axi_chan_handle_err() function in drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c. A local user can perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2023-52906)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the valid_label() and NLA_POLICY_EXACT_LEN() functions in net/sched/act_mpls.c. A local user can perform a denial of service (DoS) attack.
10) Out-of-bounds read (CVE-ID: CVE-2024-40901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
11) Improper error handling (CVE-ID: CVE-2024-41008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kfd_smi_event_update_thermal_throttling() function in drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c, within the sdma_v4_4_2_print_iv_entry() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c, within the sdma_v4_0_print_iv_entry() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c, within the gmc_v9_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c, within the gmc_v8_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c, within the gmc_v11_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c, within the gmc_v10_0_process_interrupt() function in drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c, within the amdgpu_vm_ptes_update() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c, within the amdgpu_vm_validate(), amdgpu_vm_wait_idle(), amdgpu_vm_init(), amdgpu_vm_fini() and amdgpu_vm_ioctl() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c, within the amdgpu_coredump() function in drivers/gpu/drm/amd/amdgpu/amdgpu_reset.c, within the amdgpu_job_timedout() function in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c, within the amdgpu_gem_object_open() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c, within the amdgpu_debugfs_vm_info_show() function in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c. A local user can perform a denial of service (DoS) attack.
12) Out-of-bounds read (CVE-ID: CVE-2024-41016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ocfs2_xattr_find_entry() function in fs/ocfs2/xattr.c. A local user can perform a denial of service (DoS) attack.
13) NULL pointer dereference (CVE-ID: CVE-2024-41060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.
14) Resource management error (CVE-ID: CVE-2024-41082)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2024-42153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.
16) Resource management error (CVE-ID: CVE-2024-42230)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2024-42286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.
18) Buffer overflow (CVE-ID: CVE-2024-42288)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
19) Improper error handling (CVE-ID: CVE-2024-42295)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c, within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2024-42299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the blksize_bits() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.
21) Input validation error (CVE-ID: CVE-2024-42312)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.
22) NULL pointer dereference (CVE-ID: CVE-2024-43824)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_test_core_init() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2024-43834)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xdp_unreg_mem_model() function in net/core/xdp.c. A local user can escalate privileges on the system.
24) Memory leak (CVE-ID: CVE-2024-43854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
25) Input validation error (CVE-ID: CVE-2024-43883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
26) NULL pointer dereference (CVE-ID: CVE-2024-43884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
27) Division by zero (CVE-ID: CVE-2024-43889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
28) Buffer overflow (CVE-ID: CVE-2024-43890)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
29) NULL pointer dereference (CVE-ID: CVE-2024-43898)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_da_do_write_end() function in fs/ext4/inode.c, within the __block_commit_write() function in fs/buffer.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2024-43905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_find_dpm_states_clocks_in_dpm_table(), vega10_generate_dpm_level_enable_mask(), vega10_check_states_equal(), vega10_set_sclk_od(), vega10_set_mclk_od(), vega10_odn_update_power_state() and vega10_get_performance_level() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c. A local user can perform a denial of service (DoS) attack.
31) NULL pointer dereference (CVE-ID: CVE-2024-43908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_interrupt_process_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2024-44934)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_multicast_del_port() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.
33) Out-of-bounds read (CVE-ID: CVE-2024-44938)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
34) Type Confusion (CVE-ID: CVE-2024-44944)
The vulnerability allows a local user to gain access to sensitive information.
35) Use-after-free (CVE-ID: CVE-2024-44946)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.