SB2024112268 - openEuler 22.03 LTS SP1 update for kernel

Main Vulnerability Database SB2024112268

SB2024112268 - openEuler 22.03 LTS SP1 update for kernel

Published: November 22, 2024

Security Bulletin ID SB2024112268

Severity

Low

Patch available

YES

Number of vulnerabilities 26

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 26 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-48878)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qca_serdev_shutdown() function in drivers/bluetooth/hci_qca.c. A local user can escalate privileges on the system.

2) Resource management error (CVE-ID: CVE-2022-48953)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cmos_check_acpi_rtc_status(), cmos_pnp_probe(), cmos_of_init() and cmos_platform_probe() functions in drivers/rtc/rtc-cmos.c. A local user can perform a denial of service (DoS) attack.

3) Double free (CVE-ID: CVE-2022-49026)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the e100_xmit_prepare() function in drivers/net/ethernet/intel/e100.c. A local user can perform a denial of service (DoS) attack.

4) Memory leak (CVE-ID: CVE-2024-35833)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.

5) Resource management error (CVE-ID: CVE-2024-36005)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

6) Improper error handling (CVE-ID: CVE-2024-36950)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.

7) NULL pointer dereference (CVE-ID: CVE-2024-43911)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ieee80211_start_tx_ba_session() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.

8) Division by zero (CVE-ID: CVE-2024-47663)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2024-47666)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pm8001_phy_control() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.

10) Memory leak (CVE-ID: CVE-2024-47728)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the BPF_CALL_5() function in net/core/filter.c, within the BPF_CALL_4() function in kernel/bpf/syscall.c, within the BPF_CALL_4() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

11) NULL pointer dereference (CVE-ID: CVE-2024-49914)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

12) Use-after-free (CVE-ID: CVE-2024-49945)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncsi_unregister_dev() function in net/ncsi/ncsi-manage.c. A local user can escalate privileges on the system.

13) Resource management error (CVE-ID: CVE-2024-49963)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bcm2835_mbox_probe() function in drivers/mailbox/bcm2835-mailbox.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2024-49982)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ata_rw_frameinit(), aoecmd_ata_rw(), resend(), probe() and aoecmd_ata_id() functions in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

15) Improper locking (CVE-ID: CVE-2024-50099)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arm_probe_decode_insn() and arm_kprobe_decode_insn() functions in arch/arm64/kernel/probes/decode-insn.c. A local user can perform a denial of service (DoS) attack.

16) Out-of-bounds read (CVE-ID: CVE-2024-50115)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nested_svm_get_tdp_pdptr() function in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

17) Improper locking (CVE-ID: CVE-2024-50138)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bpf_ringbuf_alloc() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

18) Resource management error (CVE-ID: CVE-2024-50184)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the virtio_pmem_flush() function in drivers/nvdimm/nd_virtio.c. A local user can perform a denial of service (DoS) attack.

19) Resource management error (CVE-ID: CVE-2024-50195)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

20) NULL pointer dereference (CVE-ID: CVE-2024-50198)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the in_illuminance_period_available_show() function in drivers/iio/light/veml6030.c. A local user can perform a denial of service (DoS) attack.

21) Use of uninitialized resource (CVE-ID: CVE-2024-50237)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

22) Input validation error (CVE-ID: CVE-2024-50242)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ntfs_file_release() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.

23) Improper locking (CVE-ID: CVE-2024-50245)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ntfs_lookup() function in fs/ntfs3/namei.c. A local user can perform a denial of service (DoS) attack.

24) Buffer overflow (CVE-ID: CVE-2024-50246)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mi_enum_attr() function in fs/ntfs3/record.c. A local user can perform a denial of service (DoS) attack.

25) Out-of-bounds read (CVE-ID: CVE-2024-50247)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decompress_chunk() function in fs/ntfs3/lznt.c. A local user can perform a denial of service (DoS) attack.

26) Use-after-free (CVE-ID: CVE-2023-6270)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2445

Vulnerable Software

openEuler: 22.03 LTS SP1
python3-perf-debuginfo: before 5.10.0-136.102.0.183
python3-perf: before 5.10.0-136.102.0.183
perf-debuginfo: before 5.10.0-136.102.0.183
perf: before 5.10.0-136.102.0.183
kernel-tools-devel: before 5.10.0-136.102.0.183
kernel-tools-debuginfo: before 5.10.0-136.102.0.183
kernel-tools: before 5.10.0-136.102.0.183
kernel-source: before 5.10.0-136.102.0.183
kernel-headers: before 5.10.0-136.102.0.183
kernel-devel: before 5.10.0-136.102.0.183
kernel-debugsource: before 5.10.0-136.102.0.183
kernel-debuginfo: before 5.10.0-136.102.0.183
kernel: before 5.10.0-136.102.0.183