Main Vulnerability Database SB2025020806

SB2025020806 - openEuler 22.03 LTS SP4 update for kernel

Published: February 8, 2025

Security Bulletin ID SB2025020806

Severity

Medium

Patch available

YES

Number of vulnerabilities 40

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 40 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2023-52434)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Use-after-free (CVE-ID: CVE-2023-52480)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ksmbd_expire_session(), ksmbd_sessions_deregister() and ksmbd_session_lookup() functions in fs/ksmbd/mgmt/user_session.c, within the ksmbd_conn_alloc() function in fs/ksmbd/connection.c. A local user can escalate privileges on the system.

3) Buffer overflow (CVE-ID: CVE-2023-52614)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.

4) NULL pointer dereference (CVE-ID: CVE-2023-52627)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the BIT() function in drivers/iio/adc/ad7091r5.c, within the BIT() and ad7091r_read_event_config() functions in drivers/iio/adc/ad7091r-base.c. A local user can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2023-52913)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_gem_init__contexts(), gem_context_register() and finalize_create_context_locked() functions in drivers/gpu/drm/i915/gem/i915_gem_context.c. A local user can escalate privileges on the system.

6) Race condition (CVE-ID: CVE-2024-24857)

The vulnerability allows a remote non-authenticated attacker to damange or delete data.

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

7) Race condition (CVE-ID: CVE-2024-24859)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.

8) Buffer overflow (CVE-ID: CVE-2024-26659)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

9) Out-of-bounds read (CVE-ID: CVE-2024-26664)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.

10) Input validation error (CVE-ID: CVE-2024-26673)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.

11) NULL pointer dereference (CVE-ID: CVE-2024-26747)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_role_switch_get(), fwnode_usb_role_switch_get(), EXPORT_SYMBOL_GPL(), usb_role_switch_find_by_fwnode() and usb_role_switch_register() functions in drivers/usb/roles/class.c. A local user can perform a denial of service (DoS) attack.

12) Use-after-free (CVE-ID: CVE-2024-26748)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cdns3_gadget_giveback() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.

13) Use-after-free (CVE-ID: CVE-2024-26749)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cdns3_gadget_ep_disable() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.

14) Stack-based buffer overflow (CVE-ID: CVE-2024-26753)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the virtio_crypto_dataq_akcipher_callback() and virtio_crypto_alg_akcipher_init_session() functions in drivers/crypto/virtio/virtio_crypto_akcipher_algs.c. A local user can perform a denial of service (DoS) attack.

15) Improper locking (CVE-ID: CVE-2024-26781)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the subflow_get_info() function in net/mptcp/diag.c. A local user can perform a denial of service (DoS) attack.

16) Improper locking (CVE-ID: CVE-2024-26790)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the FSL_QDMA_CMD_PF BIT() and fsl_qdma_comp_fill_memcpy() functions in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.

17) Use-after-free (CVE-ID: CVE-2024-26793)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

18) Out-of-bounds read (CVE-ID: CVE-2024-26952)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the smb2_tree_connect(), smb2_open(), smb2_query_dir(), smb2_get_ea(), smb2_set_info_file(), smb2_set_info(), fsctl_pipe_transceive() and smb2_ioctl() functions in fs/smb/server/smb2pdu.c, within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can execute arbitrary code.

19) Out-of-bounds read (CVE-ID: CVE-2024-26954)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can perform a denial of service (DoS) attack.

20) Improper locking (CVE-ID: CVE-2024-27004)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the HLIST_HEAD(), clk_pm_runtime_put(), clk_unprepare_unused_subtree(), clk_disable_unused_subtree(), __setup(), clk_disable_unused(), __clk_release() and __clk_register() functions in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.

21) NULL pointer dereference (CVE-ID: CVE-2024-36479)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fpga_bridge_disable(), of_fpga_bridge_get(), fpga_bridge_dev_match(), fpga_bridge_get(), fpga_bridge_put(), ATTRIBUTE_GROUPS(), fpga_bridge_register() and ERR_PTR() functions in drivers/fpga/fpga-bridge.c, within the fpga_bridge_register() function in Documentation/driver-api/fpga/fpga-bridge.rst. A local user can perform a denial of service (DoS) attack.

22) NULL pointer dereference (CVE-ID: CVE-2024-37021)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ATTRIBUTE_GROUPS(), fpga_mgr_dev_match(), EXPORT_SYMBOL_GPL(), fpga_mgr_unlock(), fpga_mgr_register_full(), ERR_PTR(), fpga_mgr_register(), devm_fpga_mgr_unregister(), devm_fpga_mgr_register_full() and devm_fpga_mgr_register() functions in drivers/fpga/fpga-mgr.c, within the fpga_mgr_register() and fpga_mgr_register_full() functions in Documentation/driver-api/fpga/fpga-mgr.rst. A local user can perform a denial of service (DoS) attack.

23) Improper locking (CVE-ID: CVE-2024-40965)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.

24) Buffer overflow (CVE-ID: CVE-2024-50194)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() functions in arch/arm64/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.

25) Use-after-free (CVE-ID: CVE-2024-50280)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the check_migrations(), destroy(), cache_create() and cache_ctr() functions in drivers/md/dm-cache-target.c. A local user can escalate privileges on the system.

26) NULL pointer dereference (CVE-ID: CVE-2024-53131)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __nilfs_get_page_block() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.

27) Resource management error (CVE-ID: CVE-2024-53183)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the net_device_release() function in arch/um/drivers/net_kern.c. A local user can perform a denial of service (DoS) attack.

28) Memory leak (CVE-ID: CVE-2024-53198)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the xenbus_dev_probe() function in drivers/xen/xenbus/xenbus_probe.c. A local user can perform a denial of service (DoS) attack.

29) NULL pointer dereference (CVE-ID: CVE-2024-53201)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn20_program_pipe() function in drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c. A local user can perform a denial of service (DoS) attack.

30) Buffer overflow (CVE-ID: CVE-2024-56539)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.

31) Resource management error (CVE-ID: CVE-2024-56571)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the uvc_alloc_entity(), uvc_parse_vendor_control(), uvc_parse_standard_control() and uvc_gpio_parse() functions in drivers/media/usb/uvc/uvc_driver.c. A local user can perform a denial of service (DoS) attack.

32) NULL pointer dereference (CVE-ID: CVE-2024-56588)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the debugfs_to_reg_name_v3_hw(), debugfs_global_v3_hw_show(), debugfs_axi_v3_hw_show(), debugfs_ras_v3_hw_show(), debugfs_port_v3_hw_show(), debugfs_cq_v3_hw_show(), debugfs_dq_show_slot_v3_hw(), debugfs_iost_v3_hw_show(), debugfs_iost_cache_v3_hw_show(), debugfs_itct_v3_hw_show(), debugfs_itct_cache_v3_hw_show(), debugfs_create_files_v3_hw(), debugfs_release_v3_hw(), debugfs_snapshot_regs_v3_hw(), debugfs_bist_init_v3_hw() and debugfs_init_v3_hw() functions in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c. A local user can perform a denial of service (DoS) attack.

33) Improper locking (CVE-ID: CVE-2024-56610)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), kcsan_skip_report_debugfs(), set_report_filterlist_whitelist(), insert_report_filterlist() and show_info() functions in kernel/kcsan/debugfs.c. A local user can perform a denial of service (DoS) attack.

34) NULL pointer dereference (CVE-ID: CVE-2024-56611)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the migrate_to_node() function in mm/mempolicy.c. A local user can perform a denial of service (DoS) attack.

35) Use-after-free (CVE-ID: CVE-2024-56623)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qla2x00_do_dpc() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.

36) NULL pointer dereference (CVE-ID: CVE-2024-56688)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xs_sock_reset_state_flags() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.

37) Double free (CVE-ID: CVE-2024-56704)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the xen_9pfs_front_free() function in net/9p/trans_xen.c. A local user can perform a denial of service (DoS) attack.

38) Memory leak (CVE-ID: CVE-2024-56715)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ionic_lif_register() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.

39) Memory leak (CVE-ID: CVE-2024-56746)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sh7760fb_alloc_mem() function in drivers/video/fbdev/sh7760fb.c. A local user can perform a denial of service (DoS) attack.

40) Use-after-free (CVE-ID: CVE-2024-57892)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brelse() function in fs/ocfs2/quota_local.c, within the ocfs2_get_next_id() function in fs/ocfs2/quota_global.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1096

Vulnerable Software

openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-248.0.0.147
python3-perf: before 5.10.0-248.0.0.147
perf-debuginfo: before 5.10.0-248.0.0.147
perf: before 5.10.0-248.0.0.147
kernel-tools-devel: before 5.10.0-248.0.0.147
kernel-tools-debuginfo: before 5.10.0-248.0.0.147
kernel-tools: before 5.10.0-248.0.0.147
kernel-source: before 5.10.0-248.0.0.147
kernel-headers: before 5.10.0-248.0.0.147
kernel-devel: before 5.10.0-248.0.0.147
kernel-debugsource: before 5.10.0-248.0.0.147
kernel-debuginfo: before 5.10.0-248.0.0.147
bpftool-debuginfo: before 5.10.0-248.0.0.147
bpftool: before 5.10.0-248.0.0.147
kernel: before 5.10.0-248.0.0.147

SB2025020806 - openEuler 22.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human