An update for kernel is now available for openEuler-22.03-LTS

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1071
Final 1.0 1.0 2023-02-10 Initial 2023-02-10 2023-02-10
openEuler SA Tool V1.0 2023-02-10

kernel security update

An update for kernel is now available for openEuler-22.03-LTS.

The Linux Kernel, the operating system core itself.

Security Fix(es):

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. (CVE-2023-0179)

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23455)

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)

An update for kernel is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
kernel

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1071
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-0179
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23455
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23454
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
https://nvd.nist.gov/vuln/detail/CVE-2023-23455
https://nvd.nist.gov/vuln/detail/CVE-2023-23454

openEuler-22.03-LTS

kernel-5.10.0-60.79.0.103.oe2203.aarch64.rpm
python3-perf-5.10.0-60.79.0.103.oe2203.aarch64.rpm
kernel-debuginfo-5.10.0-60.79.0.103.oe2203.aarch64.rpm
python3-perf-debuginfo-5.10.0-60.79.0.103.oe2203.aarch64.rpm
kernel-debugsource-5.10.0-60.79.0.103.oe2203.aarch64.rpm
kernel-tools-5.10.0-60.79.0.103.oe2203.aarch64.rpm
bpftool-5.10.0-60.79.0.103.oe2203.aarch64.rpm
perf-5.10.0-60.79.0.103.oe2203.aarch64.rpm
kernel-tools-debuginfo-5.10.0-60.79.0.103.oe2203.aarch64.rpm
kernel-source-5.10.0-60.79.0.103.oe2203.aarch64.rpm
kernel-headers-5.10.0-60.79.0.103.oe2203.aarch64.rpm
kernel-tools-devel-5.10.0-60.79.0.103.oe2203.aarch64.rpm
bpftool-debuginfo-5.10.0-60.79.0.103.oe2203.aarch64.rpm
kernel-devel-5.10.0-60.79.0.103.oe2203.aarch64.rpm
perf-debuginfo-5.10.0-60.79.0.103.oe2203.aarch64.rpm

kernel-5.10.0-60.79.0.103.oe2203.src.rpm

bpftool-5.10.0-60.79.0.103.oe2203.x86_64.rpm
perf-debuginfo-5.10.0-60.79.0.103.oe2203.x86_64.rpm
kernel-debugsource-5.10.0-60.79.0.103.oe2203.x86_64.rpm
kernel-devel-5.10.0-60.79.0.103.oe2203.x86_64.rpm
kernel-5.10.0-60.79.0.103.oe2203.x86_64.rpm
kernel-tools-debuginfo-5.10.0-60.79.0.103.oe2203.x86_64.rpm
python3-perf-debuginfo-5.10.0-60.79.0.103.oe2203.x86_64.rpm
kernel-tools-5.10.0-60.79.0.103.oe2203.x86_64.rpm
kernel-debuginfo-5.10.0-60.79.0.103.oe2203.x86_64.rpm
perf-5.10.0-60.79.0.103.oe2203.x86_64.rpm
python3-perf-5.10.0-60.79.0.103.oe2203.x86_64.rpm
kernel-source-5.10.0-60.79.0.103.oe2203.x86_64.rpm
kernel-headers-5.10.0-60.79.0.103.oe2203.x86_64.rpm
kernel-tools-devel-5.10.0-60.79.0.103.oe2203.x86_64.rpm
bpftool-debuginfo-5.10.0-60.79.0.103.oe2203.x86_64.rpm

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
2023-02-10 CVE-2023-0179 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update 2023-02-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1071

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
2023-02-10 CVE-2023-23455 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update 2023-02-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1071

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
2023-02-10 CVE-2023-23454 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update 2023-02-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1071