SB2023033152 - openEuler 22.03 LTS update for kernel

Main Vulnerability Database SB2023033152

SB2023033152 - openEuler 22.03 LTS update for kernel

Published: March 31, 2023

Security Bulletin ID SB2023033152

Severity

Low

Patch available

YES

Number of vulnerabilities 12

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.

1) Cross-thread return address predictions (CVE-ID: CVE-2022-27672)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure.

2) Use-after-free (CVE-ID: CVE-2023-1079)

The vulnerability allows an attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the asus_kbd_backlight_set() function when plugging in a malicious USB device. An attacker with physical access to the system can inject a malicious USB device, trigger a use-after-free error and execute arbitrary code.

3) NULL pointer dereference (CVE-ID: CVE-2023-23004)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the get_sg_table() function in drivers/gpu/drm/arm/malidp_planes.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

4) Use-after-free (CVE-ID: CVE-2023-1249)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the core dump subsystem in Linux kernel. A local user can trigger a use-after-free error and crash the kernel.

5) NULL pointer dereference (CVE-ID: CVE-2023-1382)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.

6) Race condition (CVE-ID: CVE-2023-28466)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

7) Buffer overflow (CVE-ID: CVE-2022-48424)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within fs/ntfs3/inode.c in Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

8) Out-of-bounds write (CVE-ID: CVE-2022-48423)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within fs/ntfs3/record.c in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

9) Release of invalid pointer or reference (CVE-ID: CVE-2022-48425)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an invalid kfree in fs/ntfs3/inode.c caused by improper validation of MFT flags before replaying logs. A local user can execute arbitrary code with elevated privileges.

10) Use-after-free (CVE-ID: CVE-2023-1281)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.

11) NULL pointer dereference (CVE-ID: CVE-2023-22999)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the dwc3_qcom_create_urs_usb_platdev() function in drivers/usb/dwc3/dwc3-qcom.c. A local can pass specially crafted data to the system and perform a denial of service (DoS) attack.

12) Use-after-free (CVE-ID: CVE-2023-25012)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the bigben_remove() function in drivers/hid/hid-bigbenff.c. An attacker with physical access to the system can attach a specially crafted USB device to the system and cause a denial of service condition.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1188

Vulnerable Software

openEuler: 22.03 LTS
kernel-debugsource: before 5.10.0-60.87.0.111
kernel-tools-debuginfo: before 5.10.0-60.87.0.111
bpftool-debuginfo: before 5.10.0-60.87.0.111
kernel-source: before 5.10.0-60.87.0.111
kernel-tools: before 5.10.0-60.87.0.111
python3-perf-debuginfo: before 5.10.0-60.87.0.111
kernel-debuginfo: before 5.10.0-60.87.0.111
python3-perf: before 5.10.0-60.87.0.111
perf: before 5.10.0-60.87.0.111
kernel-headers: before 5.10.0-60.87.0.111
perf-debuginfo: before 5.10.0-60.87.0.111
kernel-devel: before 5.10.0-60.87.0.111
kernel-tools-devel: before 5.10.0-60.87.0.111
bpftool: before 5.10.0-60.87.0.111
kernel: before 5.10.0-60.87.0.111