OESA-2024-1035

An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravbremove in drivers/net/ethernet/renesas/ravbmain.c.(CVE-2023-35827)

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOCSETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsmdlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.(CVE-2023-6546)

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.(CVE-2023-6606)

An out-of-bounds read vulnerability was found in smb2dumpdetail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.(CVE-2023-6610)

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The function nftpipapowalk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.

We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a.

(CVE-2023-6817)

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.

A perfevent's readsize can overflow, leading to an heap out-of-bounds increment or write in perfreadgroup().

We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.

(CVE-2023-6931)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP3 / kernel

Package

Name: kernel
Purl: pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.0-183.0.0.96.oe2203sp3

Ecosystem specific

{
    "src": [
        "kernel-5.10.0-183.0.0.96.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "perf-debuginfo-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "kernel-debuginfo-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "kernel-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "kernel-tools-devel-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "python3-perf-debuginfo-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "kernel-tools-debuginfo-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "kernel-headers-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "kernel-source-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "kernel-devel-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "kernel-tools-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "python3-perf-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "kernel-debugsource-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm",
        "perf-5.10.0-183.0.0.96.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "kernel-tools-debuginfo-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "python3-perf-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "kernel-debuginfo-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "kernel-headers-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "kernel-devel-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "kernel-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "perf-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "kernel-tools-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "perf-debuginfo-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "python3-perf-debuginfo-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "kernel-tools-devel-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "kernel-source-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm",
        "kernel-debugsource-5.10.0-183.0.0.96.oe2203sp3.aarch64.rpm"
    ]
}