An update for kernel is now available for openEuler-20.03-LTS-SP4
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1297
Final
1.0
1.0
2024-03-22
Initial
2024-03-22
2024-03-22
openEuler SA Tool V1.0
2024-03-22
kernel security update
An update for kernel is now available for openEuler-20.03-LTS-SP4.
The Linux Kernel, the operating system core itself.
Security Fix(es):
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix use after free on context disconnection
Upon module load, a kthread is created targeting the
pvr2_context_thread_func function, which may call pvr2_context_destroy
and thus call kfree() on the context object. However, that might happen
before the usb hub_event handler is able to notify the driver. This
patch adds a sanity check before the invalid read reported by syzbot,
within the context disconnection call stack. (CVE-2023-52445)
In the Linux kernel, the following vulnerability has been resolved:
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
If both ftl.ko and gluebi.ko are loaded, the notifier of ftl
triggers NULL pointer dereference when trying to access
‘gluebi->desc’ in gluebi_read().
ubi_gluebi_init
  ubi_register_volume_notifier
    ubi_enumerate_volumes
      ubi_notify_all
        gluebi_notify    nb->notifier_call()
          gluebi_create
            mtd_device_register
              mtd_device_parse_register
                add_mtd_device
                  blktrans_notify_add    not->add()
                    ftl_add_mtd    tr->add_mtd()
                      scan_header
                        mtd_read
                          mtd_read_oob
                            mtd_read_oob_std
                              gluebi_read    mtd->read()
                                gluebi->desc - NULL
Detailed reproduction information available at the Link [1],
In the normal case, obtain gluebi->desc in the gluebi_get_device(),
and access gluebi->desc in the gluebi_read(). However,
gluebi_get_device() is not executed in advance in the
ftl_add_mtd() process, which leads to NULL pointer dereference.
The solution for the gluebi module is to run jffs2 on the UBI
volume without considering working with ftl or mtdblock [2].
Therefore, this problem can be avoided by preventing gluebi from
creating the mtdblock device after creating mtd partition of the
type MTD_UBIVOLUME. (CVE-2023-52449)
An update for kernel is now available for openEuler-20.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
kernel
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1297
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-52445
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-52449
https://nvd.nist.gov/vuln/detail/CVE-2023-52445
https://nvd.nist.gov/vuln/detail/CVE-2023-52449
openEuler-20.03-LTS-SP4
bpftool-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
kernel-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
kernel-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
kernel-debugsource-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
kernel-source-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
kernel-tools-devel-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
perf-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
perf-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
python2-perf-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
python3-perf-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
python2-perf-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
python3-perf-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
kernel-devel-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
kernel-tools-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
bpftool-4.19.90-2403.3.0.0270.oe2003sp4.aarch64.rpm
kernel-4.19.90-2403.3.0.0270.oe2003sp4.src.rpm
python2-perf-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
kernel-tools-devel-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
kernel-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
bpftool-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
kernel-tools-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
kernel-devel-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
perf-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
kernel-debugsource-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
perf-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
python2-perf-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
kernel-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
kernel-source-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
python3-perf-debuginfo-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
python3-perf-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
bpftool-4.19.90-2403.3.0.0270.oe2003sp4.x86_64.rpm
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix use after free on context disconnection
Upon module load, a kthread is created targeting the
pvr2_context_thread_func function, which may call pvr2_context_destroy
and thus call kfree() on the context object. However, that might happen
before the usb hub_event handler is able to notify the driver. This
patch adds a sanity check before the invalid read reported by syzbot,
within the context disconnection call stack.
2024-03-22
CVE-2023-52445
openEuler-20.03-LTS-SP4
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2024-03-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1297
In the Linux kernel, the following vulnerability has been resolved:
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
If both ftl.ko and gluebi.ko are loaded, the notifier of ftl
triggers NULL pointer dereference when trying to access
‘gluebi->desc’ in gluebi_read().
ubi_gluebi_init
  ubi_register_volume_notifier
    ubi_enumerate_volumes
      ubi_notify_all
        gluebi_notify    nb->notifier_call()
          gluebi_create
            mtd_device_register
              mtd_device_parse_register
                add_mtd_device
                  blktrans_notify_add    not->add()
                    ftl_add_mtd    tr->add_mtd()
                      scan_header
                        mtd_read
                          mtd_read_oob
                            mtd_read_oob_std
                              gluebi_read    mtd->read()
                                gluebi->desc - NULL
Detailed reproduction information available at the Link [1],
In the normal case, obtain gluebi->desc in the gluebi_get_device(),
and access gluebi->desc in the gluebi_read(). However,
gluebi_get_device() is not executed in advance in the
ftl_add_mtd() process, which leads to NULL pointer dereference.
The solution for the gluebi module is to run jffs2 on the UBI
volume without considering working with ftl or mtdblock [2].
Therefore, this problem can be avoided by preventing gluebi from
creating the mtdblock device after creating mtd partition of the
type MTD_UBIVOLUME.
2024-03-22
CVE-2023-52449
openEuler-20.03-LTS-SP4
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2024-03-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1297