OESA-2023-1470
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1470
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2023-1470.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2023-1470
- Upstream
- Published
- 2023-08-06T11:05:37Z
- Modified
- 2025-08-12T05:18:03.747857Z
- Summary
- kernel security update
- Details
-
The Linux Kernel, the operating system core itself.
Security Fix(es):
In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
(CVE-2023-21255)
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.
If tcfchangeindev() fails, u32setparms() will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
(CVE-2023-3609)
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
The qfqchangeagg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.
We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.
(CVE-2023-3611)
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.
If tcfchangeindev() fails, fwsetparms() will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.
We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
(CVE-2023-3776)
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2023-3812)
- Database specific
{ "severity": "High" }- References
-
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1470
- https://nvd.nist.gov/vuln/detail/CVE-2023-21255
- https://nvd.nist.gov/vuln/detail/CVE-2023-3609
- https://nvd.nist.gov/vuln/detail/CVE-2023-3611
- https://nvd.nist.gov/vuln/detail/CVE-2023-3776
- https://nvd.nist.gov/vuln/detail/CVE-2023-3812
Affected packages
openEuler:20.03-LTS-SP3 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.19.90-2308.1.0.0212.oe1
Ecosystem specific
{
"aarch64": [
"bpftool-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"perf-debuginfo-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"python2-perf-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"kernel-devel-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"python3-perf-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"kernel-debugsource-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"python2-perf-debuginfo-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"kernel-debuginfo-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"kernel-source-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"kernel-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"kernel-tools-debuginfo-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"perf-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"python3-perf-debuginfo-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"bpftool-debuginfo-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"kernel-tools-devel-4.19.90-2308.1.0.0212.oe1.aarch64.rpm",
"kernel-tools-4.19.90-2308.1.0.0212.oe1.aarch64.rpm"
],
"x86_64": [
"perf-debuginfo-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"kernel-tools-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"python2-perf-debuginfo-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"perf-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"kernel-devel-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"bpftool-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"python2-perf-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"kernel-tools-debuginfo-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"python3-perf-debuginfo-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"bpftool-debuginfo-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"kernel-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"kernel-debuginfo-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"kernel-source-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"kernel-tools-devel-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"kernel-debugsource-4.19.90-2308.1.0.0212.oe1.x86_64.rpm",
"python3-perf-4.19.90-2308.1.0.0212.oe1.x86_64.rpm"
],
"src": [
"kernel-4.19.90-2308.1.0.0212.oe1.src.rpm"
]
}