An update for kernel is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-release@openeuler.org openEuler release SIG openEuler-HotPatchSA-2024-1024 Final 1.0 1.0 2024-08-09 Initial 2024-08-09 2024-08-09 openEuler HotPatchSA Tool V1.0 2024-08-09 kernel security update An update for kernel is now available for openEuler-20.03-LTS-SP4 The Linux Kernel, the operating system core itself. Security Fix(es): In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVMAP_HASH type, which contains the same check, copied from the hashtab code. So apply the same fix to hashtab, by moving the overflow check to before the roundup.(CVE-2024-26884) An update for kernel is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-HotPatchSA-2024-1024 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26884 https://nvd.nist.gov/vuln/detail/CVE-2024-26884 openEuler-20.03-LTS-SP4 kernel-4.19.90-2312.1.0.0255.oe2003sp4-ACC-1-2.src.rpm patch-kernel-4.19.90-2312.1.0.0255.oe2003sp4-ACC-1-2.x86_64.rpm patch-kernel-4.19.90-2312.1.0.0255.oe2003sp4-ACC-1-2.aarch64.rpm In the Linux kernel, the following vulnerability has been resolved:bpf: Fix hashtab overflow check on 32-bit archesThe hashtab code relies on roundup_pow_of_two() to compute the number ofhash buckets, and contains an overflow check by checking if theresulting value is 0. However, on 32-bit arches, the roundup code itselfcan overflow by doing a 32-bit left-shift of an unsigned long value,which is undefined behaviour, so it is not guaranteed to truncateneatly. This was triggered by syzbot on the DEVMAP_HASH type, whichcontains the same check, copied from the hashtab code. So apply the samefix to hashtab, by moving the overflow check to before the roundup. 2024-08-09 CVE-2024-26884 openEuler-20.03-LTS-SP4 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2024-08-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-HotPatchSA-2024-1024