An update for kernel is now available for openEuler-22.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1845 Final 1.0 1.0 2023-11-17 Initial 2023-11-17 2023-11-17 openEuler SA Tool V1.0 2023-11-17 kernel security update An update for kernel is now available for openEuler-22.03-LTS-SP2. The Linux Kernel, the operating system core itself. Security Fix(es): An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.(CVE-2022-45884) Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2023-3327) A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.(CVE-2023-39198) A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (CVE-2023-4623) A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197) An update for kernel is now available for openEuler-22.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1845 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45884 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-3327 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-39198 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4623 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-5197 https://nvd.nist.gov/vuln/detail/CVE-2022-45884 https://nvd.nist.gov/vuln/detail/CVE-2023-3327 https://nvd.nist.gov/vuln/detail/CVE-2023-39198 https://nvd.nist.gov/vuln/detail/CVE-2023-4623 https://nvd.nist.gov/vuln/detail/CVE-2023-5197 openEuler-22.03-LTS-SP2 bpftool-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm perf-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm bpftool-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm python3-perf-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-devel-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm python3-perf-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-tools-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-tools-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-source-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-tools-devel-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-debugsource-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-headers-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm perf-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm kernel-5.10.0-153.33.0.110.oe2203sp2.src.rpm bpftool-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm kernel-debugsource-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm kernel-headers-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm perf-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm kernel-tools-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm bpftool-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm kernel-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm kernel-tools-devel-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm python3-perf-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm kernel-devel-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm kernel-tools-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm kernel-source-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm python3-perf-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm kernel-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm perf-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. 2023-11-17 CVE-2022-45884 openEuler-22.03-LTS-SP2 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-11-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1845 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 2023-11-17 CVE-2023-3327 openEuler-22.03-LTS-SP2 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-11-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1845 A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. 2023-11-17 CVE-2023-39198 openEuler-22.03-LTS-SP2 High 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H kernel security update 2023-11-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1845 A use-after-free vulnerability in the Linux kernel s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. 2023-11-17 CVE-2023-4623 openEuler-22.03-LTS-SP2 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-11-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1845 A use-after-free vulnerability in the Linux kernel s netfilter: nf_tables component can be exploited to achieve local privilege escalation.Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. 2023-11-17 CVE-2023-5197 openEuler-22.03-LTS-SP2 Medium 6.6 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H kernel security update 2023-11-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1845