OESA-2023-1209

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1209
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1209.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1209
Upstream
Published
2023-04-11T11:05:07Z
Modified
2025-08-12T05:16:26.866010Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidpplanes.c misinterprets the getsg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-23004)

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fillfilesnote") not applied yet, then kernel could be affected.(CVE-2023-1249)

A null pointer dereference issue was found in the unix protocol in net/unix/diag.c in Linux before 6.0. In unixdiagget_exact, the newly allocated skb does not have sk, leading to null pointer. A local user could use this flaw to crash the system or potentially cause a denial of service.

Reference: https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/ https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/ https://lore.kernel.org/netdev/20221127012412.37969-3-kuniyu@amazon.com/T/(CVE-2023-28327)

Kernel: A denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c(CVE-2023-28328)

A slab-out-of-bound read problem was found in brcmfgetassocies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when associnfo->reqlen data is bigger than the size of the buffer, defined as WLEXTRABUFMAX, leading to a denial of service.(CVE-2023-1380)

dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).(CVE-2023-28466)

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.(CVE-2022-48424)

In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.(CVE-2022-48423)

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.(CVE-2022-48425)

A flaw was found in KVM. When calling the KVMGETDEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.(CVE-2023-1513)

Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcfextsexec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.(CVE-2023-1281)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS-SP1 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.0-136.27.0.103.oe2203sp1

Ecosystem specific 

{
    "x86_64": [
        "kernel-debugsource-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "python3-perf-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "bpftool-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "kernel-tools-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "kernel-tools-devel-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "bpftool-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "kernel-devel-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "kernel-headers-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "kernel-source-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "kernel-tools-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "python3-perf-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "perf-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "perf-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "kernel-debuginfo-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm",
        "kernel-5.10.0-136.27.0.103.oe2203sp1.x86_64.rpm"
    ],
    "aarch64": [
        "kernel-tools-devel-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "bpftool-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "perf-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "kernel-devel-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "bpftool-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "kernel-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "kernel-debugsource-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "kernel-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "python3-perf-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "kernel-headers-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "kernel-tools-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "python3-perf-debuginfo-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "kernel-source-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "kernel-tools-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm",
        "perf-5.10.0-136.27.0.103.oe2203sp1.aarch64.rpm"
    ],
    "src": [
        "kernel-5.10.0-136.27.0.103.oe2203sp1.src.rpm"
    ]
}