An update for kernel is now available for openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1614
Final
1.0
1.0
2023-09-09
Initial
2023-09-09
2023-09-09
openEuler SA Tool V1.0
2023-09-09
kernel security update
An update for kernel is now available for openEuler-22.03-LTS.
The Linux Kernel, the operating system core itself.
Security Fix(es):
(CVE-2023-3865)
(CVE-2023-3866)
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4132)
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. (CVE-2023-4273)
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
kernel
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-3865
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-3866
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4132
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4273
https://nvd.nist.gov/vuln/detail/CVE-2023-3865
https://nvd.nist.gov/vuln/detail/CVE-2023-3866
https://nvd.nist.gov/vuln/detail/CVE-2023-4132
https://nvd.nist.gov/vuln/detail/CVE-2023-4273
openEuler-22.03-LTS
kernel-devel-5.10.0-60.110.0.137.oe2203.aarch64.rpm
python3-perf-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm
kernel-source-5.10.0-60.110.0.137.oe2203.aarch64.rpm
bpftool-5.10.0-60.110.0.137.oe2203.aarch64.rpm
kernel-tools-devel-5.10.0-60.110.0.137.oe2203.aarch64.rpm
perf-5.10.0-60.110.0.137.oe2203.aarch64.rpm
kernel-debugsource-5.10.0-60.110.0.137.oe2203.aarch64.rpm
kernel-tools-5.10.0-60.110.0.137.oe2203.aarch64.rpm
kernel-tools-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm
python3-perf-5.10.0-60.110.0.137.oe2203.aarch64.rpm
kernel-headers-5.10.0-60.110.0.137.oe2203.aarch64.rpm
perf-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm
kernel-5.10.0-60.110.0.137.oe2203.aarch64.rpm
bpftool-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm
kernel-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm
kernel-5.10.0-60.110.0.137.oe2203.src.rpm
python3-perf-5.10.0-60.110.0.137.oe2203.x86_64.rpm
perf-5.10.0-60.110.0.137.oe2203.x86_64.rpm
python3-perf-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm
kernel-tools-devel-5.10.0-60.110.0.137.oe2203.x86_64.rpm
bpftool-5.10.0-60.110.0.137.oe2203.x86_64.rpm
kernel-tools-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm
kernel-5.10.0-60.110.0.137.oe2203.x86_64.rpm
kernel-devel-5.10.0-60.110.0.137.oe2203.x86_64.rpm
kernel-tools-5.10.0-60.110.0.137.oe2203.x86_64.rpm
kernel-debugsource-5.10.0-60.110.0.137.oe2203.x86_64.rpm
kernel-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm
bpftool-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm
perf-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm
kernel-headers-5.10.0-60.110.0.137.oe2203.x86_64.rpm
kernel-source-5.10.0-60.110.0.137.oe2203.x86_64.rpm
2023-09-09
CVE-2023-3865
openEuler-22.03-LTS
High
7.1
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:H
kernel security update
2023-09-09
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614
2023-09-09
CVE-2023-3866
openEuler-22.03-LTS
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
kernel security update
2023-09-09
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
2023-09-09
CVE-2023-4132
openEuler-22.03-LTS
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2023-09-09
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.
2023-09-09
CVE-2023-4273
openEuler-22.03-LTS
Medium
6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
kernel security update
2023-09-09
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614