OESA-2023-1053

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1053
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1053.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1053
Upstream
Published
2023-02-03T11:04:50Z
Modified
2025-08-12T05:16:07.896428Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

In bindervmaclose of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel(CVE-2023-20928)

A heap overflow bug in ksmbddecodentlmsspauthblob in which ntlen can be less than CIFSENCPWDSIZE. This results in a negative blen argument for ksmbdauthntlmv2, where it calls memcpy using blen on memory allocated by kmalloc(blen + CIFSCRYPTOKEYSIZE). Note that CIFSENCPWDSIZE is 16 and CIFSCRYPTOKEY_SIZE is 8. We believe this bug can only result in a remote DOS and not privilege escalation nor RCE, as the heap overflow occurs when blen is in range (-8, -1].”

Reference: https://securityonline.info/cve-2023-0210-flaw-in-linux-kernel-allows-unauthenticated-remote-dos-attacks/ https://www.spinics.net/lists/stable-commits/msg282893.html(CVE-2023-0210)

In rndisqueryoid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.(CVE-2023-23559)

There exists a use-after-free vulnerability in the Linux kernel through iouring and the IORINGOPSPLICE operation. If IORINGOPSPLICE is missing the IOWQWORKFILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling iosplice on specific files will call the getuts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above(CVE-2022-4696)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP1 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.0-136.17.0.93.oe2203sp1

Ecosystem specific 

{
    "x86_64": [
        "kernel-tools-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "python3-perf-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "bpftool-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "kernel-devel-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "kernel-headers-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "python3-perf-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "kernel-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "bpftool-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "kernel-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "kernel-tools-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "kernel-source-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "kernel-tools-devel-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "kernel-debugsource-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "perf-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm",
        "perf-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm"
    ],
    "aarch64": [
        "kernel-devel-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "perf-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "bpftool-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "kernel-tools-devel-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "python3-perf-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "kernel-tools-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "perf-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "kernel-headers-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "kernel-tools-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "kernel-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "bpftool-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "python3-perf-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "kernel-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "kernel-debugsource-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm",
        "kernel-source-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm"
    ],
    "src": [
        "kernel-5.10.0-136.17.0.93.oe2203sp1.src.rpm"
    ]
}