OESA-2026-1504

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1504

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-1504.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2026-1504

Upstream

CVE-2023-53577

CVE-2026-23216

Published

2026-03-06T12:41:32Z

Modified

2026-03-08T23:06:27.076687Z

Summary

kernel security update

Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel, the following vulnerability has been resolved:

bpf, cpumap: Make sure kthread is running before map update returns

The following warning was reported when running stress-mode enabled xdpredirectcpu with some RT threads:

------------[ cut here ]------------ WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135 CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: events cpumapkthreadstop RIP: 0010:putcpumapentry+0xda/0x220 ...... Call Trace: <TASK> ? show_regs+0x65/0x70 ? __warn+0xa5/0x240 ...... ? putcpumapentry+0xda/0x220 cpumapkthreadstop+0x41/0x60 processonework+0x6b0/0xb80 workerthread+0x96/0x720 kthread+0x1a5/0x1f0 retfromfork+0x3a/0x70 retfromforkasm+0x1b/0x30 </TASK>

The root cause is the same as commit 436901649731 ("bpf: cpumap: Fix memory leak in cpumapupdateelem"). The kthread is stopped prematurely by kthreadstop() in cpumapkthreadstop(), and kthread() doesn't call cpumapkthreadrun() at all but XDP program has already queued some frames or skbs into ptr_ring. So when __cpumapringcleanup() checks the ptrring, it will find it was not emptied and report a warning.

An alternative fix is to use __cpumapringcleanup() to drop these pending frames or skbs when kthreadstop() returns -EINTR, but it may confuse the user, because these frames or skbs have been handled correctly by XDP program. So instead of dropping these frames or skbs, just make sure the per-cpu kthread is running before _cpumapentryalloc() returns.

After apply the fix, the error handle for kthread_stop() will be unnecessary because it will always return 0, so just remove it.(CVE-2023-53577)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount()

In iscsitdecconnusagecount(), the function calls complete() while holding the conn->connusagelock. As soon as complete() is invoked, the waiter (such as iscsitcloseconnection()) may wake up and proceed to free the iscsit_conn structure.

If the waiter frees the memory before the current thread reaches spinunlockbh(), it results in a KASAN slab-use-after-free as the function attempts to release a lock within the already-freed connection structure.

Fix this by releasing the spinlock before calling complete().(CVE-2026-23216)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / kernel

Package

Name: kernel
Purl: pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.90-2603.1.0.0364.oe2003sp4

Ecosystem specific

{
    "x86_64": [
        "bpftool-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "kernel-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "kernel-debugsource-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "kernel-devel-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "kernel-source-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "kernel-tools-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "perf-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "python2-perf-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "python3-perf-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm"
    ],
    "src": [
        "kernel-4.19.90-2603.1.0.0364.oe2003sp4.src.rpm"
    ],
    "aarch64": [
        "bpftool-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "kernel-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "kernel-debugsource-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "kernel-devel-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "kernel-source-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "kernel-tools-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "perf-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "python2-perf-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "python3-perf-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-1504.json"