Main Vulnerability Database SB2023060332

SB2023060332 - openEuler 22.03 LTS update for kernel

Published: June 3, 2023

Security Bulletin ID SB2023060332

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Return of pointer value outside of expected range (CVE-ID: CVE-2023-22998)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to unexpected value of the pointer returned as value in the drm_gem_shmem_get_sg_table() function in drivers/gpu/drm/virtio/virtgpu_object.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1323

Vulnerable Software

openEuler: 22.03 LTS
python3-perf-debuginfo: before 5.10.0-60.96.0.120
perf-debuginfo: before 5.10.0-60.96.0.120
kernel-debugsource: before 5.10.0-60.96.0.120
kernel-source: before 5.10.0-60.96.0.120
kernel-tools-devel: before 5.10.0-60.96.0.120
kernel-debuginfo: before 5.10.0-60.96.0.120
kernel-headers: before 5.10.0-60.96.0.120
bpftool-debuginfo: before 5.10.0-60.96.0.120
perf: before 5.10.0-60.96.0.120
kernel-tools: before 5.10.0-60.96.0.120
kernel-devel: before 5.10.0-60.96.0.120
kernel-tools-debuginfo: before 5.10.0-60.96.0.120
bpftool: before 5.10.0-60.96.0.120
python3-perf: before 5.10.0-60.96.0.120
kernel: before 5.10.0-60.96.0.120

SB2023060332 - openEuler 22.03 LTS update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human