Main Vulnerability Database SB2023051230

SB2023051230 - openEuler 22.03 LTS SP1 update for kernel

Published: May 12, 2023 Updated: October 25, 2024

Security Bulletin ID SB2023051230

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 9

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 9 vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-4382)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the gadgetfs Linux driver. An attacker with physical access to the system can trigger a use-after-free by manipulating the external device with gadgetfs and execute arbitrary code.

2) Security features bypass (CVE-ID: CVE-2023-1998)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Spectre v2 SMT mitigations, related to calling prctl with PR_SET_SPECULATION_CTRL. An attacker can gain unauthorized access to kernel memory from userspace.

3) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2023-2007)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in dpt_i2o driver. A local privileged user can gain access to sensitive kernel information.

4) NULL pointer dereference (CVE-ID: CVE-2023-2166)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/can/af_can.c when processing CAN frames. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

5) Out-of-bounds read (CVE-ID: CVE-2023-2176)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

6) Out-of-bounds write (CVE-ID: CVE-2023-2194)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's SLIMpro I2C device driver. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

7) Improper locking (CVE-ID: CVE-2023-2269)

CWE-ID: CWE-667 - Improper Locking

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2023-0458)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the do_prlimit() function. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

9) Out-of-bounds write (CVE-ID: CVE-2023-31436)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the qfq_change_class() function in net/sched/sch_qfq.c when handling the MTU value provided to the QFQ Scheduler. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1275

Vulnerable Software

openEuler: 22.03 LTS SP1
kernel: before 5.10.0-136.31.0.107
bpftool: before 5.10.0-136.31.0.107
perf: before 5.10.0-136.31.0.107
kernel-headers: before 5.10.0-136.31.0.107
python3-perf-debuginfo: before 5.10.0-136.31.0.107
kernel-tools: before 5.10.0-136.31.0.107
kernel-tools-debuginfo: before 5.10.0-136.31.0.107
python3-perf: before 5.10.0-136.31.0.107
kernel-tools-devel: before 5.10.0-136.31.0.107
kernel-devel: before 5.10.0-136.31.0.107
kernel-debuginfo: before 5.10.0-136.31.0.107
bpftool-debuginfo: before 5.10.0-136.31.0.107
kernel-debugsource: before 5.10.0-136.31.0.107
kernel-source: before 5.10.0-136.31.0.107
perf-debuginfo: before 5.10.0-136.31.0.107

SB2023051230 - openEuler 22.03 LTS SP1 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human