openEuler 22.03 LTS SP1 update for kernel

Published: 2023-02-21

Risk	Low
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2022-3707 CVE-2023-0394 CVE-2023-0590
CWE-ID	CWE-415 CWE-476 CWE-416
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Double Free

EUVDB-ID: #VU70487

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3707

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the intel_gvt_dma_map_guest_page() function in Intel GVT-g graphics driver. A local user can trigger a double free error and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

kernel-debugsource: before 5.10.0-136.19.0.95

kernel-debuginfo: before 5.10.0-136.19.0.95

kernel-tools-debuginfo: before 5.10.0-136.19.0.95

bpftool: before 5.10.0-136.19.0.95

python3-perf-debuginfo: before 5.10.0-136.19.0.95

bpftool-debuginfo: before 5.10.0-136.19.0.95

kernel-devel: before 5.10.0-136.19.0.95

perf-debuginfo: before 5.10.0-136.19.0.95

kernel-tools: before 5.10.0-136.19.0.95

kernel-tools-devel: before 5.10.0-136.19.0.95

kernel-source: before 5.10.0-136.19.0.95

python3-perf: before 5.10.0-136.19.0.95

perf: before 5.10.0-136.19.0.95

kernel-headers: before 5.10.0-136.19.0.95

kernel: before 5.10.0-136.19.0.95

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1109

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU71352

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0394

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

kernel-debugsource: before 5.10.0-136.19.0.95

kernel-debuginfo: before 5.10.0-136.19.0.95

kernel-tools-debuginfo: before 5.10.0-136.19.0.95

bpftool: before 5.10.0-136.19.0.95

python3-perf-debuginfo: before 5.10.0-136.19.0.95

bpftool-debuginfo: before 5.10.0-136.19.0.95

kernel-devel: before 5.10.0-136.19.0.95

perf-debuginfo: before 5.10.0-136.19.0.95

kernel-tools: before 5.10.0-136.19.0.95

kernel-tools-devel: before 5.10.0-136.19.0.95

kernel-source: before 5.10.0-136.19.0.95

python3-perf: before 5.10.0-136.19.0.95

perf: before 5.10.0-136.19.0.95

kernel-headers: before 5.10.0-136.19.0.95

kernel: before 5.10.0-136.19.0.95

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1109

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU72098

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0590

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the qdisc_graft() function in net/sched/sch_api.c. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP1

kernel-debugsource: before 5.10.0-136.19.0.95

kernel-debuginfo: before 5.10.0-136.19.0.95

kernel-tools-debuginfo: before 5.10.0-136.19.0.95

bpftool: before 5.10.0-136.19.0.95

python3-perf-debuginfo: before 5.10.0-136.19.0.95

bpftool-debuginfo: before 5.10.0-136.19.0.95

kernel-devel: before 5.10.0-136.19.0.95

perf-debuginfo: before 5.10.0-136.19.0.95

kernel-tools: before 5.10.0-136.19.0.95

kernel-tools-devel: before 5.10.0-136.19.0.95

kernel-source: before 5.10.0-136.19.0.95

python3-perf: before 5.10.0-136.19.0.95

perf: before 5.10.0-136.19.0.95

kernel-headers: before 5.10.0-136.19.0.95

kernel: before 5.10.0-136.19.0.95

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1109

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.