SB20230411113 - openEuler 22.03 LTS SP1 update for kernel
Published: April 11, 2023
Description
This security bulletin contains information about 11 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2023-23004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the get_sg_table() function in drivers/gpu/drm/arm/malidp_planes.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2023-1249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the core dump subsystem in the Linux kernel. A local user can trigger a use-after-free error and crash the kernel.
3) NULL pointer dereference (CVE-ID: CVE-2023-28327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2023-28328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the az6027 driver in drivers/media/usb/dvb-usb/az6027.c in the Linux kernel. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
5) Out-of-bounds read (CVE-ID: CVE-2023-1380)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Broadcom Full MAC Wi-Fi driver (brcmfmac.ko). A local user can trigger an out-of-bounds read error and read contents of kernel memory on the system.
6) Race condition (CVE-ID: CVE-2023-28466)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
7) Buffer overflow (CVE-ID: CVE-2022-48424)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within fs/ntfs3/inode.c in the Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
8) Out-of-bounds write (CVE-ID: CVE-2022-48423)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within fs/ntfs3/record.c in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
9) Release of invalid pointer or reference (CVE-ID: CVE-2022-48425)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an invalid kfree in fs/ntfs3/inode.c caused by improper validation of MFT flags before replaying logs. A local user can execute arbitrary code with elevated privileges.
10) Improper Initialization (CVE-ID: CVE-2023-1513)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.
11) Use-after-free (CVE-ID: CVE-2023-1281)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Remediation
Install the update from the vendor's website.