An update for kernel is now available for openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1209 Final 1.0 1.0 2023-04-11 Initial 2023-04-11 2023-04-11 openEuler SA Tool V1.0 2023-04-11 kernel security update An update for kernel is now available for openEuler-22.03-LTS-SP1. The Linux Kernel, the operating system core itself. Security Fix(es): In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-23004) A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.(CVE-2023-1249) A null pointer dereference issue was found in the unix protocol in net/unix/diag.c in Linux before 6.0. In unix_diag_get_exact, the newly allocated skb does not have sk, leading to null pointer. A local user could use this flaw to crash the system or potentially cause a denial of service. Reference: https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/ https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/ https://lore.kernel.org/netdev/20221127012412.37969-3-kuniyu@amazon.com/T/(CVE-2023-28327) Kernel: A denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c(CVE-2023-28328) A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.(CVE-2023-1380) do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).(CVE-2023-28466) In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.(CVE-2022-48424) In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.(CVE-2022-48423) In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.(CVE-2022-48425) A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.(CVE-2023-1513) Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.(CVE-2023-1281) An update for kernel is now available for openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23004 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1249 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-28327 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-28328 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1380 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-28466 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-48424 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-48423 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-48425 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1513 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-1281 https://nvd.nist.gov/vuln/detail/CVE-2023-23004 https://nvd.nist.gov/vuln/detail/CVE-2023-1249 https://nvd.nist.gov/vuln/detail/CVE-2023-28327 https://nvd.nist.gov/vuln/detail/CVE-2023-28328 https://nvd.nist.gov/vuln/detail/CVE-2023-1380 https://nvd.nist.gov/vuln/detail/CVE-2023-28466 https://nvd.nist.gov/vuln/detail/CVE-2022-48424 https://nvd.nist.gov/vuln/detail/CVE-2022-48423 https://nvd.nist.gov/vuln/detail/CVE-2022-48425 https://nvd.nist.gov/vuln/detail/CVE-2023-1513 https://nvd.nist.gov/vuln/detail/CVE-2023-1281 openEuler-22.03-LTS-SP1 kernel-tools-devel-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm bpftool-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm perf-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm kernel-devel-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm bpftool-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm kernel-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm kernel-debugsource-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm kernel-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm python3-perf-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm kernel-headers-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm kernel-tools-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm python3-perf-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm kernel-source-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm kernel-tools-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm perf-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm kernel-5.10.0-136.27.0.103.oe2203sp1.src.rpm kernel-debugsource-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm python3-perf-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm bpftool-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm kernel-tools-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm kernel-tools-devel-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm bpftool-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm kernel-devel-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm kernel-headers-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm kernel-source-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm kernel-tools-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm python3-perf-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm perf-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm perf-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm kernel-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm kernel-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). 2023-04-11 CVE-2023-23004 openEuler-22.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ( coredump: Use the vma snapshot in fill_files_note ) not applied yet, then kernel could be affected. 2023-04-11 CVE-2023-1249 openEuler-22.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 kernel: denial of service problem in net/unix/diag.c 2023-04-11 CVE-2023-28327 openEuler-22.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 Kernel: A denial of service issue in az6027 driver indrivers/media/usb/dev-usb/az6027.c 2023-04-11 CVE-2023-28328 openEuler-22.03-LTS-SP1 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. 2023-04-11 CVE-2023-1380 openEuler-22.03-LTS-SP1 Medium 6.6 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). 2023-04-11 CVE-2023-28466 openEuler-22.03-LTS-SP1 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. 2023-04-11 CVE-2022-48424 openEuler-22.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. 2023-04-11 CVE-2022-48423 openEuler-22.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. 2023-04-11 CVE-2022-48425 openEuler-22.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. 2023-04-11 CVE-2023-1513 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209 Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when tcf_exts_exec() is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. 2023-04-11 CVE-2023-1281 openEuler-22.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-04-11 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1209