SB2024110895 - openEuler 22.03 LTS SP4 update for kernel
Published: November 8, 2024
Updated: January 4, 2026
Description
This security bulletin contains information about 75 security vulnerabilities.
1) Resource management error (CVE-ID: CVE-2022-48961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mdio_device_free() and EXPORT_SYMBOL() functions in drivers/net/phy/mdio_device.c, within the of_mdiobus_register_device() function in drivers/net/mdio/of_mdio.c. A local user can perform a denial of service (DoS) attack.
2) Information disclosure (CVE-ID: CVE-2022-48975)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the gpiochip_setup_dev(), gpiochip_add_data_with_key(), gpiochip_remove_pin_ranges() and ida_free() functions in drivers/gpio/gpiolib.c. A local user can gain access to sensitive information.
3) Resource management error (CVE-ID: CVE-2022-49004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within arch/riscv/include/asm/pgalloc.h and arch/riscv/include/asm/efi.h. A local user can perform a denial of service (DoS) attack.
4) Improper Initialization (CVE-ID: CVE-2024-45021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2024-46677)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
6) Improper error handling (CVE-ID: CVE-2024-46809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the get_ss_info_v3_1(), get_ss_info_from_internal_ss_info_tbl_V2_1(), get_ss_info_from_ss_info_table(), get_ss_entry_number_from_ss_info_tbl(), get_ss_entry_number_from_internal_ss_info_tbl_v2_1() and get_ss_entry_number_from_internal_ss_info_tbl_V3_1() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser.c. A local user can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2024-47659)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rcu_read_unlock() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.
8) Improper locking (CVE-ID: CVE-2024-47660)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __fsnotify_recalc_mask() function in fs/notify/mark.c, within the fsnotify_sb_delete(), __fsnotify_update_child_dentry_flags() and __fsnotify_parent() functions in fs/notify/fsnotify.c. A local user can perform a denial of service (DoS) attack.
9) Buffer overflow (CVE-ID: CVE-2024-47668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2024-47673)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_stop_device() function in drivers/net/wireless/intel/iwlwifi/mvm/ops.c. A local user can perform a denial of service (DoS) attack.
11) Improper error handling (CVE-ID: CVE-2024-47690)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_get_parent() and f2fs_lookup() functions in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2024-47691)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_shutdown() function in fs/f2fs/super.c, within the f2fs_ioc_abort_atomic_write(), f2fs_do_shutdown() and f2fs_ioc_shutdown() functions in fs/f2fs/file.c. A local user can escalate privileges on the system.
13) Resource management error (CVE-ID: CVE-2024-47693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ib_cache_setup_one() function in drivers/infiniband/core/cache.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2024-47696)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iw_cm_init() function in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
15) NULL pointer dereference (CVE-ID: CVE-2024-47699)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nilfs_btree_root_broken() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
16) Use-after-free (CVE-ID: CVE-2024-47701)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_find_inline_entry() function in fs/ext4/inline.c. A local user can escalate privileges on the system.
17) Incorrect calculation (CVE-ID: CVE-2024-47703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the mark_reg_unknown(), check_packet_access(), check_ctx_access(), check_stack_access_within_bounds(), check_mem_access() and check_return_code() functions in kernel/bpf/verifier.c, within the btf_ctx_access() function in kernel/bpf/btf.c, within the BTF_SET_START() function in kernel/bpf/bpf_lsm.c. A local user can perform a denial of service (DoS) attack.
18) NULL pointer dereference (CVE-ID: CVE-2024-47705)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blk_add_partition() function in block/partitions/core.c. A local user can perform a denial of service (DoS) attack.
19) Out-of-bounds read (CVE-ID: CVE-2024-47723)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diAlloc() function in fs/jfs/jfs_imap.c, within the dbMount() and dbNextAG() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
20) Improper locking (CVE-ID: CVE-2024-47726)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_setattr() and f2fs_fallocate() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2024-47739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the padata_do_serial() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
22) Incorrect calculation (CVE-ID: CVE-2024-47742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2024-47748)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_vdpa_setup_vq_irq(), vhost_vdpa_vring_ioctl() and vhost_vdpa_open() functions in drivers/vhost/vdpa.c. A local user can escalate privileges on the system.
24) NULL pointer dereference (CVE-ID: CVE-2024-47756)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ks_pcie_quirk() function in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2024-49855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_requeue_cmd() and nbd_xmit_timeout() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
26) Buffer overflow (CVE-ID: CVE-2024-49858)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efi_retrieve_tpm2_eventlog() function in drivers/firmware/efi/libstub/tpm.c. A local user can perform a denial of service (DoS) attack.
27) Input validation error (CVE-ID: CVE-2024-49859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_defragment_range(), f2fs_move_file_range() and f2fs_ioc_set_pin_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
28) Buffer overflow (CVE-ID: CVE-2024-49860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the acpi_device_setup_files() function in drivers/acpi/device_sysfs.c. A local user can perform a denial of service (DoS) attack.
29) Off-by-one (CVE-ID: CVE-2024-49862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the get_rpi() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2024-49877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.
31) NULL pointer dereference (CVE-ID: CVE-2024-49879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the omapdrm_init() and omap_gem_deinit() functions in drivers/gpu/drm/omapdrm/omap_drv.c. A local user can perform a denial of service (DoS) attack.
32) Memory leak (CVE-ID: CVE-2024-49881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the get_ext_path() function in fs/ext4/move_extent.c, within the ext4_find_extent() and ext4_split_extent_at() functions in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
33) Improper error handling (CVE-ID: CVE-2024-49882)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
34) Use-after-free (CVE-ID: CVE-2024-49883)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within fs/ext4/extents.c. A local user can escalate privileges on the system.
35) Use-after-free (CVE-ID: CVE-2024-49884)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extent_at() and ext4_ext_dirty() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
36) Out-of-bounds read (CVE-ID: CVE-2024-49886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can perform a denial of service (DoS) attack.
37) Use-after-free (CVE-ID: CVE-2024-49889)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extents(), ext4_split_extent() and ext4_ext_handle_unwritten_extents() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
38) NULL pointer dereference (CVE-ID: CVE-2024-49896)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the are_stream_backends_same() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2024-49913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the commit_planes_for_stream() function in drivers/gpu/drm/amd/display/dc/core/dc.c. A local user can perform a denial of service (DoS) attack.
40) NULL pointer dereference (CVE-ID: CVE-2024-49917)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn30_init_hw() function in drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c. A local user can perform a denial of service (DoS) attack.
41) NULL pointer dereference (CVE-ID: CVE-2024-49922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the create_validate_stream_for_sink(), amdgpu_dm_commit_streams() and amdgpu_dm_atomic_commit_tail() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
42) Use-after-free (CVE-ID: CVE-2024-49924)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pxafb_remove() function in drivers/video/fbdev/pxafb.c. A local user can escalate privileges on the system.
43) Out-of-bounds read (CVE-ID: CVE-2024-49933)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
44) Use-after-free (CVE-ID: CVE-2024-49934)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dump_mapping() function in fs/inode.c. A local user can escalate privileges on the system.
45) Use-after-free (CVE-ID: CVE-2024-49936)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xenvif_new_hash() and xenvif_flush_hash() functions in drivers/net/xen-netback/hash.c. A local user can escalate privileges on the system.
46) NULL pointer dereference (CVE-ID: CVE-2024-49940)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pppol2tp_session_setsockopt() function in net/l2tp/l2tp_ppp.c, within the l2tp_nl_cmd_session_modify() function in net/l2tp/l2tp_netlink.c, within the l2tp_v3_session_get(), l2tp_session_register(), l2tp_recv_common(), EXPORT_SYMBOL_GPL(), l2tp_session_set_header_len() and l2tp_session_create() functions in net/l2tp/l2tp_core.c. A local user can perform a denial of service (DoS) attack.
47) Use-after-free (CVE-ID: CVE-2024-49950)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
48) Resource management error (CVE-ID: CVE-2024-49954)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the static_call_module_notify() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.
49) Resource management error (CVE-ID: CVE-2024-49955)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the battery_hook_unregister_unlocked() and battery_hook_register() functions in drivers/acpi/battery.c. A local user can perform a denial of service (DoS) attack.
50) Input validation error (CVE-ID: CVE-2024-49958)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.
51) Buffer overflow (CVE-ID: CVE-2024-49973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
52) Memory leak (CVE-ID: CVE-2024-49975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __create_xol_area() function in kernel/events/uprobes.c. A local user can perform a denial of service (DoS) attack.
53) NULL pointer dereference (CVE-ID: CVE-2024-49978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
54) Use-after-free (CVE-ID: CVE-2024-49981)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the venus_remove() function in drivers/media/platform/qcom/venus/core.c. A local user can escalate privileges on the system.
55) Use-after-free (CVE-ID: CVE-2024-49992)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ltdc_crtc_atomic_print_state(), ltdc_plane_atomic_print_state(), ltdc_plane_create(), ltdc_crtc_init(), ltdc_encoder_init(), ltdc_load() and ltdc_unload() functions in drivers/gpu/drm/stm/ltdc.c, within the drv_load() function in drivers/gpu/drm/stm/drv.c. A local user can escalate privileges on the system.
56) Buffer overflow (CVE-ID: CVE-2024-49995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bearer_name_validate() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
57) Buffer overflow (CVE-ID: CVE-2024-49996)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_reparse_posix() and cifs_reparse_point_to_fattr() functions in fs/smb/client/reparse.c. A local user can escalate privileges on the system.
58) NULL pointer dereference (CVE-ID: CVE-2024-50002)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the static_call_del_module() function in kernel/static_call_inline.c. A local user can perform a denial of service (DoS) attack.
59) Out-of-bounds read (CVE-ID: CVE-2024-50007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can perform a denial of service (DoS) attack.
60) Resource management error (CVE-ID: CVE-2024-50008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mwifiex_ret_802_11_scan_ext() function in drivers/net/wireless/marvell/mwifiex/scan.c. A local user can perform a denial of service (DoS) attack.
61) Buffer overflow (CVE-ID: CVE-2024-50015)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ext4_handle_inode_extension(), ext4_dio_write_iter() and ext4_dax_write_iter() functions in fs/ext4/file.c. A local user can escalate privileges on the system.
62) Integer overflow (CVE-ID: CVE-2024-50016)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the dp_set_test_pattern() function in drivers/gpu/drm/amd/display/dc/link/accessories/link_dp_cts.c. A local user can execute arbitrary code.
63) Incorrect calculation (CVE-ID: CVE-2024-50028)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the thermal_genl_cmd_tz_get_trip(), thermal_genl_cmd_tz_get_temp() and thermal_genl_cmd_tz_get_gov() functions in drivers/thermal/thermal_netlink.c, within the thermal_zone_get_by_id() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
64) Use of uninitialized resource (CVE-ID: CVE-2024-50033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.
65) Use of uninitialized resource (CVE-ID: CVE-2024-50035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
66) Improper error handling (CVE-ID: CVE-2024-50040)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.
67) Improper locking (CVE-ID: CVE-2024-50047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
68) Input validation error (CVE-ID: CVE-2024-50058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
69) Race condition (CVE-ID: CVE-2024-50059)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.
70) Improper locking (CVE-ID: CVE-2024-50060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __io_cqring_overflow_flush() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
71) Buffer overflow (CVE-ID: CVE-2024-50063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the bpf_prog_map_compatible() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
72) Information disclosure (CVE-ID: CVE-2024-50064)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the zram_destroy_comps() function in drivers/block/zram/zram_drv.c. A local user can gain access to sensitive information.
73) Use-after-free (CVE-ID: CVE-2024-50067)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.
74) Out-of-bounds read (CVE-ID: CVE-2024-50074)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
75) Resource management error (CVE-ID: CVE-2024-50083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.