openEuler 20.03 LTS SP3 update for kernel



Published: 2023-03-31
Risk Low
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2022-29901
CVE-2022-4269
CVE-2023-1079
CVE-2023-1382
CVE-2023-28466
CVE-2023-1281
CVE-2023-25012
CWE-ID CWE-1037
CWE-833
CWE-416
CWE-476
CWE-362
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		openEuler
Operating systems & Components / Operating system

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65220

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29901

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the way non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP3

kernel-tools-debuginfo: before 4.19.90-2303.5.0.0194

perf-debuginfo: before 4.19.90-2303.5.0.0194

python2-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf: before 4.19.90-2303.5.0.0194

kernel-debugsource: before 4.19.90-2303.5.0.0194

bpftool: before 4.19.90-2303.5.0.0194

kernel-source: before 4.19.90-2303.5.0.0194

bpftool-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-tools-devel: before 4.19.90-2303.5.0.0194

perf: before 4.19.90-2303.5.0.0194

kernel-tools: before 4.19.90-2303.5.0.0194

python2-perf: before 4.19.90-2303.5.0.0194

kernel-devel: before 4.19.90-2303.5.0.0194

kernel: before 4.19.90-2303.5.0.0194

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1197


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Deadlock

EUVDB-ID: #VU73186

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4269

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP3

kernel-tools-debuginfo: before 4.19.90-2303.5.0.0194

perf-debuginfo: before 4.19.90-2303.5.0.0194

python2-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf: before 4.19.90-2303.5.0.0194

kernel-debugsource: before 4.19.90-2303.5.0.0194

bpftool: before 4.19.90-2303.5.0.0194

kernel-source: before 4.19.90-2303.5.0.0194

bpftool-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-tools-devel: before 4.19.90-2303.5.0.0194

perf: before 4.19.90-2303.5.0.0194

kernel-tools: before 4.19.90-2303.5.0.0194

python2-perf: before 4.19.90-2303.5.0.0194

kernel-devel: before 4.19.90-2303.5.0.0194

kernel: before 4.19.90-2303.5.0.0194

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1197


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU72741

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1079

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the asus_kbd_backlight_set() function when plugging in a malicious USB device. An attacker with physical access to the system can inject a malicious USB device, trigger a use-after-free error and execute arbitrary code.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP3

kernel-tools-debuginfo: before 4.19.90-2303.5.0.0194

perf-debuginfo: before 4.19.90-2303.5.0.0194

python2-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf: before 4.19.90-2303.5.0.0194

kernel-debugsource: before 4.19.90-2303.5.0.0194

bpftool: before 4.19.90-2303.5.0.0194

kernel-source: before 4.19.90-2303.5.0.0194

bpftool-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-tools-devel: before 4.19.90-2303.5.0.0194

perf: before 4.19.90-2303.5.0.0194

kernel-tools: before 4.19.90-2303.5.0.0194

python2-perf: before 4.19.90-2303.5.0.0194

kernel-devel: before 4.19.90-2303.5.0.0194

kernel: before 4.19.90-2303.5.0.0194

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1197


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU74550

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1382

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP3

kernel-tools-debuginfo: before 4.19.90-2303.5.0.0194

perf-debuginfo: before 4.19.90-2303.5.0.0194

python2-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf: before 4.19.90-2303.5.0.0194

kernel-debugsource: before 4.19.90-2303.5.0.0194

bpftool: before 4.19.90-2303.5.0.0194

kernel-source: before 4.19.90-2303.5.0.0194

bpftool-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-tools-devel: before 4.19.90-2303.5.0.0194

perf: before 4.19.90-2303.5.0.0194

kernel-tools: before 4.19.90-2303.5.0.0194

python2-perf: before 4.19.90-2303.5.0.0194

kernel-devel: before 4.19.90-2303.5.0.0194

kernel: before 4.19.90-2303.5.0.0194

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1197


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU74628

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28466

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP3

kernel-tools-debuginfo: before 4.19.90-2303.5.0.0194

perf-debuginfo: before 4.19.90-2303.5.0.0194

python2-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf: before 4.19.90-2303.5.0.0194

kernel-debugsource: before 4.19.90-2303.5.0.0194

bpftool: before 4.19.90-2303.5.0.0194

kernel-source: before 4.19.90-2303.5.0.0194

bpftool-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-tools-devel: before 4.19.90-2303.5.0.0194

perf: before 4.19.90-2303.5.0.0194

kernel-tools: before 4.19.90-2303.5.0.0194

python2-perf: before 4.19.90-2303.5.0.0194

kernel-devel: before 4.19.90-2303.5.0.0194

kernel: before 4.19.90-2303.5.0.0194

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1197


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU74122

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1281

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP3

kernel-tools-debuginfo: before 4.19.90-2303.5.0.0194

perf-debuginfo: before 4.19.90-2303.5.0.0194

python2-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf: before 4.19.90-2303.5.0.0194

kernel-debugsource: before 4.19.90-2303.5.0.0194

bpftool: before 4.19.90-2303.5.0.0194

kernel-source: before 4.19.90-2303.5.0.0194

bpftool-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-tools-devel: before 4.19.90-2303.5.0.0194

perf: before 4.19.90-2303.5.0.0194

kernel-tools: before 4.19.90-2303.5.0.0194

python2-perf: before 4.19.90-2303.5.0.0194

kernel-devel: before 4.19.90-2303.5.0.0194

kernel: before 4.19.90-2303.5.0.0194

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1197


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU71764

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25012

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the bigben_remove() function in drivers/hid/hid-bigbenff.c. An attacker with physical access to the system can attach a specially crafted USB device to the system and cause a denial of service condition.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP3

kernel-tools-debuginfo: before 4.19.90-2303.5.0.0194

perf-debuginfo: before 4.19.90-2303.5.0.0194

python2-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf: before 4.19.90-2303.5.0.0194

kernel-debugsource: before 4.19.90-2303.5.0.0194

bpftool: before 4.19.90-2303.5.0.0194

kernel-source: before 4.19.90-2303.5.0.0194

bpftool-debuginfo: before 4.19.90-2303.5.0.0194

python3-perf-debuginfo: before 4.19.90-2303.5.0.0194

kernel-tools-devel: before 4.19.90-2303.5.0.0194

perf: before 4.19.90-2303.5.0.0194

kernel-tools: before 4.19.90-2303.5.0.0194

python2-perf: before 4.19.90-2303.5.0.0194

kernel-devel: before 4.19.90-2303.5.0.0194

kernel: before 4.19.90-2303.5.0.0194

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1197


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###