OESA-2023-1584
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1584
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2023-1584.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2023-1584
- Upstream
- Published
- 2023-09-02T11:05:50Z
- Modified
- 2025-08-12T05:17:25.259567Z
- Summary
- kernel security update
- Details
-
The Linux Kernel, the operating system core itself.
Security Fix(es):
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.(CVE-2023-1206)
A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash.(CVE-2023-34319)
An issue was discovered in l2capsockrelease in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.(CVE-2023-40283)
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tunchropen(): correctly initialize socket uid"), - 66b2c338adce ("tap: tapopen(): correctly initialize socket uid"), pass "inode->iuid" to sockinitdata_uid() as the last parameter and that turns out to not be accurate.(CVE-2023-4194)
A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.(CVE-2023-4385)
A NULL pointer dereference flaw was found in vmxnet3rqcleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.(CVE-2023-4459)
- Database specific
{ "severity": "High" }- References
-
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1584
- https://nvd.nist.gov/vuln/detail/CVE-2023-1206
- https://nvd.nist.gov/vuln/detail/CVE-2023-34319
- https://nvd.nist.gov/vuln/detail/CVE-2023-40283
- https://nvd.nist.gov/vuln/detail/CVE-2023-4194
- https://nvd.nist.gov/vuln/detail/CVE-2023-4385
- https://nvd.nist.gov/vuln/detail/CVE-2023-4459
Affected packages
openEuler:20.03-LTS-SP3 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.19.90-2308.5.0.0216.oe1
Ecosystem specific
{
"src": [
"kernel-4.19.90-2308.5.0.0216.oe1.src.rpm"
],
"x86_64": [
"kernel-tools-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"bpftool-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"python3-perf-debuginfo-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"bpftool-debuginfo-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"kernel-debuginfo-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"perf-debuginfo-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"perf-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"python3-perf-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"python2-perf-debuginfo-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"kernel-debugsource-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"kernel-source-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"kernel-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"kernel-devel-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"kernel-tools-devel-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"kernel-tools-debuginfo-4.19.90-2308.5.0.0216.oe1.x86_64.rpm",
"python2-perf-4.19.90-2308.5.0.0216.oe1.x86_64.rpm"
],
"aarch64": [
"kernel-devel-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"python2-perf-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"perf-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"kernel-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"bpftool-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"python3-perf-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"kernel-debuginfo-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"bpftool-debuginfo-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"kernel-tools-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"kernel-tools-debuginfo-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"kernel-debugsource-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"kernel-source-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"perf-debuginfo-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"python2-perf-debuginfo-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"python3-perf-debuginfo-4.19.90-2308.5.0.0216.oe1.aarch64.rpm",
"kernel-tools-devel-4.19.90-2308.5.0.0216.oe1.aarch64.rpm"
]
}