openEuler 20.03 LTS SP1 update for kernel



Published: 2023-09-02
Risk Medium
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2023-1206
CVE-2023-34319
CVE-2023-40283
CVE-2023-4194
CVE-2023-4385
CVE-2023-4459
CVE-2023-1076
CWE-ID CWE-400
CWE-119
CWE-416
CWE-843
CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		openEuler
Operating systems & Components / Operating system

kernel-tools-devel
Operating systems & Components / Operating system package or component

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU77953

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2308.5.0.0216

python3-perf-debuginfo: before 4.19.90-2308.5.0.0216

python2-perf-debuginfo: before 4.19.90-2308.5.0.0216

perf-debuginfo: before 4.19.90-2308.5.0.0216

kernel-source: before 4.19.90-2308.5.0.0216

kernel-debugsource: before 4.19.90-2308.5.0.0216

kernel-tools-debuginfo: before 4.19.90-2308.5.0.0216

kernel-tools: before 4.19.90-2308.5.0.0216

bpftool-debuginfo: before 4.19.90-2308.5.0.0216

kernel-debuginfo: before 4.19.90-2308.5.0.0216

python3-perf: before 4.19.90-2308.5.0.0216

bpftool: before 4.19.90-2308.5.0.0216

perf: before 4.19.90-2308.5.0.0216

python2-perf: before 4.19.90-2308.5.0.0216

kernel-devel: before 4.19.90-2308.5.0.0216

kernel: before 4.19.90-2308.5.0.0216

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1588


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU79260

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34319

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in netback when processing certain packets. A malicious guest can send specially crafted packets to the backend, trigger memory corruption and crash the hypervisor.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2308.5.0.0216

python3-perf-debuginfo: before 4.19.90-2308.5.0.0216

python2-perf-debuginfo: before 4.19.90-2308.5.0.0216

perf-debuginfo: before 4.19.90-2308.5.0.0216

kernel-source: before 4.19.90-2308.5.0.0216

kernel-debugsource: before 4.19.90-2308.5.0.0216

kernel-tools-debuginfo: before 4.19.90-2308.5.0.0216

kernel-tools: before 4.19.90-2308.5.0.0216

bpftool-debuginfo: before 4.19.90-2308.5.0.0216

kernel-debuginfo: before 4.19.90-2308.5.0.0216

python3-perf: before 4.19.90-2308.5.0.0216

bpftool: before 4.19.90-2308.5.0.0216

perf: before 4.19.90-2308.5.0.0216

python2-perf: before 4.19.90-2308.5.0.0216

kernel-devel: before 4.19.90-2308.5.0.0216

kernel: before 4.19.90-2308.5.0.0216

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1588


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU79714

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2308.5.0.0216

python3-perf-debuginfo: before 4.19.90-2308.5.0.0216

python2-perf-debuginfo: before 4.19.90-2308.5.0.0216

perf-debuginfo: before 4.19.90-2308.5.0.0216

kernel-source: before 4.19.90-2308.5.0.0216

kernel-debugsource: before 4.19.90-2308.5.0.0216

kernel-tools-debuginfo: before 4.19.90-2308.5.0.0216

kernel-tools: before 4.19.90-2308.5.0.0216

bpftool-debuginfo: before 4.19.90-2308.5.0.0216

kernel-debuginfo: before 4.19.90-2308.5.0.0216

python3-perf: before 4.19.90-2308.5.0.0216

bpftool: before 4.19.90-2308.5.0.0216

perf: before 4.19.90-2308.5.0.0216

python2-perf: before 4.19.90-2308.5.0.0216

kernel-devel: before 4.19.90-2308.5.0.0216

kernel: before 4.19.90-2308.5.0.0216

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1588


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Type Confusion

EUVDB-ID: #VU79485

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4194

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a type confusion error in TUN/TAP functionality. A local user can bypass network filters and gain unauthorized access to some resources.

The vulnerability exists due to incomplete fix for #VU72742 (CVE-2023-1076).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2308.5.0.0216

python3-perf-debuginfo: before 4.19.90-2308.5.0.0216

python2-perf-debuginfo: before 4.19.90-2308.5.0.0216

perf-debuginfo: before 4.19.90-2308.5.0.0216

kernel-source: before 4.19.90-2308.5.0.0216

kernel-debugsource: before 4.19.90-2308.5.0.0216

kernel-tools-debuginfo: before 4.19.90-2308.5.0.0216

kernel-tools: before 4.19.90-2308.5.0.0216

bpftool-debuginfo: before 4.19.90-2308.5.0.0216

kernel-debuginfo: before 4.19.90-2308.5.0.0216

python3-perf: before 4.19.90-2308.5.0.0216

bpftool: before 4.19.90-2308.5.0.0216

perf: before 4.19.90-2308.5.0.0216

python2-perf: before 4.19.90-2308.5.0.0216

kernel-devel: before 4.19.90-2308.5.0.0216

kernel: before 4.19.90-2308.5.0.0216

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1588


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU80800

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4385

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the dbFree() function in fs/jfs/jfs_dmap.c in the journaling file system (JFS). A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2308.5.0.0216

python3-perf-debuginfo: before 4.19.90-2308.5.0.0216

python2-perf-debuginfo: before 4.19.90-2308.5.0.0216

perf-debuginfo: before 4.19.90-2308.5.0.0216

kernel-source: before 4.19.90-2308.5.0.0216

kernel-debugsource: before 4.19.90-2308.5.0.0216

kernel-tools-debuginfo: before 4.19.90-2308.5.0.0216

kernel-tools: before 4.19.90-2308.5.0.0216

bpftool-debuginfo: before 4.19.90-2308.5.0.0216

kernel-debuginfo: before 4.19.90-2308.5.0.0216

python3-perf: before 4.19.90-2308.5.0.0216

bpftool: before 4.19.90-2308.5.0.0216

perf: before 4.19.90-2308.5.0.0216

python2-perf: before 4.19.90-2308.5.0.0216

kernel-devel: before 4.19.90-2308.5.0.0216

kernel: before 4.19.90-2308.5.0.0216

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1588


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU80797

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4459

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the vmxnet3_rq_cleanup() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2308.5.0.0216

python3-perf-debuginfo: before 4.19.90-2308.5.0.0216

python2-perf-debuginfo: before 4.19.90-2308.5.0.0216

perf-debuginfo: before 4.19.90-2308.5.0.0216

kernel-source: before 4.19.90-2308.5.0.0216

kernel-debugsource: before 4.19.90-2308.5.0.0216

kernel-tools-debuginfo: before 4.19.90-2308.5.0.0216

kernel-tools: before 4.19.90-2308.5.0.0216

bpftool-debuginfo: before 4.19.90-2308.5.0.0216

kernel-debuginfo: before 4.19.90-2308.5.0.0216

python3-perf: before 4.19.90-2308.5.0.0216

bpftool: before 4.19.90-2308.5.0.0216

perf: before 4.19.90-2308.5.0.0216

python2-perf: before 4.19.90-2308.5.0.0216

kernel-devel: before 4.19.90-2308.5.0.0216

kernel: before 4.19.90-2308.5.0.0216

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1588


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Type Confusion

EUVDB-ID: #VU72742

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1076

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error during initialization of TUN/TAP sockets. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2308.5.0.0216

python3-perf-debuginfo: before 4.19.90-2308.5.0.0216

python2-perf-debuginfo: before 4.19.90-2308.5.0.0216

perf-debuginfo: before 4.19.90-2308.5.0.0216

kernel-source: before 4.19.90-2308.5.0.0216

kernel-debugsource: before 4.19.90-2308.5.0.0216

kernel-tools-debuginfo: before 4.19.90-2308.5.0.0216

kernel-tools: before 4.19.90-2308.5.0.0216

bpftool-debuginfo: before 4.19.90-2308.5.0.0216

kernel-debuginfo: before 4.19.90-2308.5.0.0216

python3-perf: before 4.19.90-2308.5.0.0216

bpftool: before 4.19.90-2308.5.0.0216

perf: before 4.19.90-2308.5.0.0216

python2-perf: before 4.19.90-2308.5.0.0216

kernel-devel: before 4.19.90-2308.5.0.0216

kernel: before 4.19.90-2308.5.0.0216

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1588


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###