An update for kernel is now available for openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1197 Final 1.0 1.0 2023-03-31 Initial 2023-03-31 2023-03-31 openEuler SA Tool V1.0 2023-03-31 kernel security update An update for kernel is now available for openEuler-20.03-LTS-SP3. The Linux Kernel, the operating system core itself. Security Fix(es): Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.(CVE-2022-29901) A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.(CVE-2022-4269) A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.(CVE-2023-1079) Kernel: denial of service in tipc_conn_close(CVE-2023-1382) do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).(CVE-2023-28466) Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.(CVE-2023-1281) An update for kernel is now available for openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1197 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29901 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-4269 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1079 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1382 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-28466 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1281 https://nvd.nist.gov/vuln/detail/CVE-2022-29901 https://nvd.nist.gov/vuln/detail/CVE-2022-4269 https://nvd.nist.gov/vuln/detail/CVE-2023-1079 https://nvd.nist.gov/vuln/detail/CVE-2023-1382 https://nvd.nist.gov/vuln/detail/CVE-2023-28466 https://nvd.nist.gov/vuln/detail/CVE-2023-1281 openEuler-20.03-LTS-SP3 python2-perf-debuginfo-4.19.90-2303.5.0.0194.oe1.aarch64.rpm python2-perf-4.19.90-2303.5.0.0194.oe1.aarch64.rpm kernel-4.19.90-2303.5.0.0194.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2303.5.0.0194.oe1.aarch64.rpm kernel-devel-4.19.90-2303.5.0.0194.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2303.5.0.0194.oe1.aarch64.rpm bpftool-4.19.90-2303.5.0.0194.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2303.5.0.0194.oe1.aarch64.rpm python3-perf-4.19.90-2303.5.0.0194.oe1.aarch64.rpm perf-4.19.90-2303.5.0.0194.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2303.5.0.0194.oe1.aarch64.rpm kernel-source-4.19.90-2303.5.0.0194.oe1.aarch64.rpm perf-debuginfo-4.19.90-2303.5.0.0194.oe1.aarch64.rpm kernel-tools-4.19.90-2303.5.0.0194.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2303.5.0.0194.oe1.aarch64.rpm kernel-debugsource-4.19.90-2303.5.0.0194.oe1.aarch64.rpm kernel-4.19.90-2303.5.0.0194.oe1.src.rpm python2-perf-4.19.90-2303.5.0.0194.oe1.x86_64.rpm kernel-4.19.90-2303.5.0.0194.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2303.5.0.0194.oe1.x86_64.rpm python3-perf-4.19.90-2303.5.0.0194.oe1.x86_64.rpm bpftool-4.19.90-2303.5.0.0194.oe1.x86_64.rpm python2-perf-debuginfo-4.19.90-2303.5.0.0194.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2303.5.0.0194.oe1.x86_64.rpm perf-debuginfo-4.19.90-2303.5.0.0194.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2303.5.0.0194.oe1.x86_64.rpm kernel-debugsource-4.19.90-2303.5.0.0194.oe1.x86_64.rpm kernel-devel-4.19.90-2303.5.0.0194.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2303.5.0.0194.oe1.x86_64.rpm kernel-tools-4.19.90-2303.5.0.0194.oe1.x86_64.rpm perf-4.19.90-2303.5.0.0194.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2303.5.0.0194.oe1.x86_64.rpm kernel-source-4.19.90-2303.5.0.0194.oe1.x86_64.rpm Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. 2023-03-31 CVE-2022-29901 openEuler-20.03-LTS-SP3 Medium 5.6 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N kernel security update 2023-03-31 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1197 A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. 2023-03-31 CVE-2022-4269 openEuler-20.03-LTS-SP3 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-03-31 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1197 A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. 2023-03-31 CVE-2023-1079 openEuler-20.03-LTS-SP3 Medium 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-03-31 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1197 Kernel: denial of service in tipc_conn_close 2023-03-31 CVE-2023-1382 openEuler-20.03-LTS-SP3 Low 0.0 kernel security update 2023-03-31 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1197 do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). 2023-03-31 CVE-2023-28466 openEuler-20.03-LTS-SP3 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-03-31 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1197 Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when tcf_exts_exec() is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. 2023-03-31 CVE-2023-1281 openEuler-20.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-03-31 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1197