OESA-2024-1296

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1296
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1296.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1296
Upstream
Published
2024-03-22T11:07:14Z
Modified
2025-08-12T05:24:20.348543Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel, the following vulnerability has been resolved:

media: pvrusb2: fix use after free on context disconnection

Upon module load, a kthread is created targeting the pvr2contextthreadfunc function, which may call pvr2contextdestroy and thus call kfree() on the context object. However, that might happen before the usb hubevent handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack.(CVE-2023-52445)

In the Linux kernel, the following vulnerability has been resolved:

mtd: Fix gluebi NULL pointer dereference caused by ftl notifier

If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read().

ubigluebiinit ubiregistervolumenotifier ubienumeratevolumes ubinotifyall gluebinotify nb->notifiercall() gluebicreate mtddeviceregister mtddeviceparseregister addmtddevice blktransnotifyadd not->add() ftladdmtd tr->addmtd() scanheader mtdread mtdreadoob mtdreadoobstd gluebiread mtd->read() gluebi->desc - NULL

Detailed reproduction information available at the Link [1],

In the normal case, obtain gluebi->desc in the gluebigetdevice(), and access gluebi->desc in the gluebiread(). However, gluebigetdevice() is not executed in advance in the ftladd_mtd() process, which leads to NULL pointer dereference.

The solution for the gluebi module is to run jffs2 on the UBI volume without considering working with ftl or mtdblock [2]. Therefore, this problem can be avoided by preventing gluebi from creating the mtdblock device after creating mtd partition of the type MTD_UBIVOLUME.(CVE-2023-52449)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.19.90-2403.3.0.0243.oe1

Ecosystem specific

{
    "aarch64": [
        "python3-perf-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "bpftool-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "kernel-devel-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "kernel-debugsource-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "perf-4.19.90-2403.3.0.0243.oe1.aarch64.rpm",
        "kernel-4.19.90-2403.3.0.0243.oe1.aarch64.rpm"
    ],
    "src": [
        "kernel-4.19.90-2403.3.0.0243.oe1.src.rpm"
    ],
    "x86_64": [
        "python2-perf-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "perf-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "kernel-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "bpftool-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "perf-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "kernel-debugsource-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm"
    ]
}