OESA-2024-1286

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1286
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1286.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1286
Upstream
Published
2024-03-15T11:07:13Z
Modified
2025-08-12T05:24:19.781653Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel, the following vulnerability has been resolved:

uio: Fix use-after-free in uio_open

core-1                          core-2

uio_unregister_device           uio_open
                                idev = idr_find()
device_unregister(&idev->dev)
put_device(&idev->dev)
uio_device_release
                                get_device(&idev->dev)
kfree(idev)
uio_free_minor(minor)
                                uio_release
                                put_device(&idev->dev)
                                kfree(idev)

In the core-1 uio_unregister_device(), the device_unregister will kfree idev when the idev->dev kobject ref is 1. But after core-1 device_unregister, put_device and before doing kfree, the core-2 may get_device. Then:
1. After core-1 kfree idev, the core-2 will do use-after-free for idev.
2. When core-2 do uio_release and put_device, the idev will be double freed.

To address this issue, we can get idev atomic & inc idev reference with minor_lock. (CVE-2023-52439)

NULL Pointer Dereference vulnerability in the Linux kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.

This issue affects Linux kernel: v2.6.12-rc2.

(CVE-2024-22099)

In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. (CVE-2024-23850)

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl. (CVE-2024-23851)

In the Linux kernel, the following vulnerability has been resolved:

tls: fix race between async notify and socket close

The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data.

Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization.

Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires. (CVE-2024-26583)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP3 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.10.0-191.0.0.104.oe2203sp3

Ecosystem specific

{
    "src": [
        "kernel-5.10.0-191.0.0.104.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "kernel-debuginfo-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "kernel-tools-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "kernel-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "python3-perf-debuginfo-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "kernel-headers-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "python3-perf-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "kernel-tools-debuginfo-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "kernel-devel-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "perf-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "perf-debuginfo-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "kernel-tools-devel-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "kernel-debugsource-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm",
        "kernel-source-5.10.0-191.0.0.104.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "kernel-tools-devel-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "kernel-devel-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "perf-debuginfo-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "kernel-tools-debuginfo-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "kernel-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "kernel-headers-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "python3-perf-debuginfo-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "kernel-tools-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "kernel-debuginfo-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "python3-perf-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "kernel-source-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "perf-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm",
        "kernel-debugsource-5.10.0-191.0.0.104.oe2203sp3.aarch64.rpm"
    ]
}