SB2025012454 - openEuler 22.03 LTS SP3 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025012454

SB2025012454 - openEuler 22.03 LTS SP3 update for kernel

Published: January 24, 2025

Security Bulletin ID SB2025012454
Severity
Low
Patch available
YES
Number of vulnerabilities 20
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 20 secuirty vulnerabilities.


1) Race condition (CVE-ID: CVE-2024-24858)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.


2) NULL pointer dereference (CVE-ID: CVE-2024-26813)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.


3) Use of uninitialized resource (CVE-ID: CVE-2024-26857)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the geneve_rx() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.


4) Buffer overflow (CVE-ID: CVE-2024-26956)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.


5) Out-of-bounds read (CVE-ID: CVE-2024-26966)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.


6) Out-of-bounds read (CVE-ID: CVE-2024-26969)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.


7) Use-after-free (CVE-ID: CVE-2024-26974)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can escalate privileges on the system.


8) Out-of-bounds read (CVE-ID: CVE-2024-26981)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_type_by_mode[() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.


9) Use-after-free (CVE-ID: CVE-2024-26996)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncm_set_alt() and ncm_disable() functions in drivers/usb/gadget/function/f_ncm.c. A local user can escalate privileges on the system.


10) Resource management error (CVE-ID: CVE-2024-27001)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vmk80xx_find_usb_endpoints() function in drivers/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.


11) Buffer overflow (CVE-ID: CVE-2024-44969)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.


12) Out-of-bounds read (CVE-ID: CVE-2024-50279)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.


13) NULL pointer dereference (CVE-ID: CVE-2024-53050)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the intel_dp_hdcp2_get_capability() function in drivers/gpu/drm/i915/display/intel_dp_hdcp.c. A local user can perform a denial of service (DoS) attack.


14) NULL pointer dereference (CVE-ID: CVE-2024-53226)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hns_roce_set_page() and hns_roce_map_mr_sg() functions in drivers/infiniband/hw/hns/hns_roce_mr.c. A local user can perform a denial of service (DoS) attack.


15) NULL pointer dereference (CVE-ID: CVE-2024-56549)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cachefiles_ondemand_fd_write_iter() and cachefiles_ondemand_fd_llseek() functions in fs/cachefiles/ondemand.c, within the cachefiles_commit_object() and cachefiles_clean_up_object() functions in fs/cachefiles/interface.c. A local user can perform a denial of service (DoS) attack.


16) Out-of-bounds read (CVE-ID: CVE-2024-56626)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_write() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.


17) Out-of-bounds read (CVE-ID: CVE-2024-56648)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fill_frame_info() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.


18) Input validation error (CVE-ID: CVE-2024-56690)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pcrypt_aead_encrypt() and pcrypt_aead_decrypt() functions in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.


19) Input validation error (CVE-ID: CVE-2024-56728)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the otx2_get_pauseparam() and otx2_set_fecparam() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c. A local user can perform a denial of service (DoS) attack.


20) NULL pointer dereference (CVE-ID: CVE-2024-56758)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the relocate_one_folio() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References