Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU62027
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-1015
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_validate_register_store and nft_validate_register_load in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. A local user can escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.29.0.105
kernel-debugsource: before 5.10.0-136.29.0.105
bpftool-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-debuginfo: before 5.10.0-136.29.0.105
kernel-source: before 5.10.0-136.29.0.105
bpftool: before 5.10.0-136.29.0.105
perf-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-devel: before 5.10.0-136.29.0.105
kernel-devel: before 5.10.0-136.29.0.105
perf: before 5.10.0-136.29.0.105
kernel-debuginfo: before 5.10.0-136.29.0.105
python3-perf-debuginfo: before 5.10.0-136.29.0.105
python3-perf: before 5.10.0-136.29.0.105
kernel-tools: before 5.10.0-136.29.0.105
kernel: before 5.10.0-136.29.0.105
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1250
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU71480
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36280
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.29.0.105
kernel-debugsource: before 5.10.0-136.29.0.105
bpftool-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-debuginfo: before 5.10.0-136.29.0.105
kernel-source: before 5.10.0-136.29.0.105
bpftool: before 5.10.0-136.29.0.105
perf-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-devel: before 5.10.0-136.29.0.105
kernel-devel: before 5.10.0-136.29.0.105
perf: before 5.10.0-136.29.0.105
kernel-debuginfo: before 5.10.0-136.29.0.105
python3-perf-debuginfo: before 5.10.0-136.29.0.105
python3-perf: before 5.10.0-136.29.0.105
kernel-tools: before 5.10.0-136.29.0.105
kernel: before 5.10.0-136.29.0.105
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1250
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72470
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27672
CWE-ID:
CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.29.0.105
kernel-debugsource: before 5.10.0-136.29.0.105
bpftool-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-debuginfo: before 5.10.0-136.29.0.105
kernel-source: before 5.10.0-136.29.0.105
bpftool: before 5.10.0-136.29.0.105
perf-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-devel: before 5.10.0-136.29.0.105
kernel-devel: before 5.10.0-136.29.0.105
perf: before 5.10.0-136.29.0.105
kernel-debuginfo: before 5.10.0-136.29.0.105
python3-perf-debuginfo: before 5.10.0-136.29.0.105
python3-perf: before 5.10.0-136.29.0.105
kernel-tools: before 5.10.0-136.29.0.105
kernel: before 5.10.0-136.29.0.105
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1250
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75456
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-30456
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of consistency for for CR0 and CR4 in arch/x86/kvm/vmx/nested.c in the Linux kernel. A local user can execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.29.0.105
kernel-debugsource: before 5.10.0-136.29.0.105
bpftool-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-debuginfo: before 5.10.0-136.29.0.105
kernel-source: before 5.10.0-136.29.0.105
bpftool: before 5.10.0-136.29.0.105
perf-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-devel: before 5.10.0-136.29.0.105
kernel-devel: before 5.10.0-136.29.0.105
perf: before 5.10.0-136.29.0.105
kernel-debuginfo: before 5.10.0-136.29.0.105
python3-perf-debuginfo: before 5.10.0-136.29.0.105
python3-perf: before 5.10.0-136.29.0.105
kernel-tools: before 5.10.0-136.29.0.105
kernel: before 5.10.0-136.29.0.105
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1250
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75452
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1989
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to a use-after-free error within the btsdio_remove() function in driversluetoothtsdio.c. A local user can trigger a
use-after-free error and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.29.0.105
kernel-debugsource: before 5.10.0-136.29.0.105
bpftool-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-debuginfo: before 5.10.0-136.29.0.105
kernel-source: before 5.10.0-136.29.0.105
bpftool: before 5.10.0-136.29.0.105
perf-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-devel: before 5.10.0-136.29.0.105
kernel-devel: before 5.10.0-136.29.0.105
perf: before 5.10.0-136.29.0.105
kernel-debuginfo: before 5.10.0-136.29.0.105
python3-perf-debuginfo: before 5.10.0-136.29.0.105
python3-perf: before 5.10.0-136.29.0.105
kernel-tools: before 5.10.0-136.29.0.105
kernel: before 5.10.0-136.29.0.105
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1250
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75448
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1829
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 22.03 LTS SP1
kernel-headers: before 5.10.0-136.29.0.105
kernel-debugsource: before 5.10.0-136.29.0.105
bpftool-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-debuginfo: before 5.10.0-136.29.0.105
kernel-source: before 5.10.0-136.29.0.105
bpftool: before 5.10.0-136.29.0.105
perf-debuginfo: before 5.10.0-136.29.0.105
kernel-tools-devel: before 5.10.0-136.29.0.105
kernel-devel: before 5.10.0-136.29.0.105
perf: before 5.10.0-136.29.0.105
kernel-debuginfo: before 5.10.0-136.29.0.105
python3-perf-debuginfo: before 5.10.0-136.29.0.105
python3-perf: before 5.10.0-136.29.0.105
kernel-tools: before 5.10.0-136.29.0.105
kernel: before 5.10.0-136.29.0.105
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1250
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.