OESA-2023-1180

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1180
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1180.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1180
Upstream
Published
2023-03-24T11:05:04Z
Modified
2025-08-12T05:17:18.831994Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

A flaw in the Linux Kernel found. Fail if no bound addresses can be used for a given scope. A type confusion can happen in inetdiagmsgsctpasocfill() in net/sctp/diag.c, which uses a type confused pointer to return information to userspace when issuing a listentry() on asoc->base.bindaddr.address_list.next when the list is empty.

References: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f https://www.openwall.com/lists/oss-security/2023/01/23/1(CVE-2023-1074)

A flaw was found in the Linux kernel. A use-after-free may be triggered in asuskbdbacklightset when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the workstruct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asuskbdleds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df(CVE-2023-1079)

A flaw found in the Linux Kernel. The missing check causes a type confusion when issuing a listentry() on an empty reportlist. The problem is caused by the assumption that the device must have valid report_list. While this will be true for all normal HID devices, a suitably malicious device can violate the assumption.

References: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b12fece4c64857e5fab4290bf01b2e0317a88456 https://www.openwall.com/lists/oss-security/2023/01/17/3(CVE-2023-1073)

Kernel: denial of service in tipcconnclose(CVE-2023-1382)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS-SP1 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.0-136.24.0.100.oe2203sp1

Ecosystem specific 

{
    "src": [
        "kernel-5.10.0-136.24.0.100.oe2203sp1.src.rpm"
    ],
    "aarch64": [
        "kernel-headers-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "kernel-source-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "python3-perf-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "kernel-debugsource-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "python3-perf-debuginfo-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "perf-debuginfo-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "kernel-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "kernel-devel-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "kernel-debuginfo-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "bpftool-debuginfo-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "kernel-tools-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "kernel-tools-debuginfo-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "perf-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "bpftool-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm",
        "kernel-tools-devel-5.10.0-136.24.0.100.oe2203sp1.aarch64.rpm"
    ],
    "x86_64": [
        "kernel-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "kernel-debuginfo-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "python3-perf-debuginfo-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "perf-debuginfo-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "kernel-devel-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "bpftool-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "kernel-tools-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "perf-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "kernel-tools-devel-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "bpftool-debuginfo-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "kernel-tools-debuginfo-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "python3-perf-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "kernel-headers-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "kernel-source-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm",
        "kernel-debugsource-5.10.0-136.24.0.100.oe2203sp1.x86_64.rpm"
    ]
}