openEuler 20.03 LTS SP1 update for kernel

Published: 2023-11-03

Risk	Medium
Patch available	YES
Number of vulnerabilities	8
CVE-ID	CVE-2022-44033 CVE-2022-45919 CVE-2023-31083 CVE-2023-31085 CVE-2023-34324 CVE-2023-39194 CVE-2023-45863 CVE-2023-5717
CWE-ID	CWE-362 CWE-416 CWE-476 CWE-369 CWE-833 CWE-125 CWE-787
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system kernel-tools-devel Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Race condition

EUVDB-ID: #VU77324

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-44033

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in drivers/char/pcmcia/cm4040_cs.c in Linux kernel. An attacker with physical access to device can remove the PCMCIA device while calling open() to trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2311.1.0.0224

kernel-devel: before 4.19.90-2311.1.0.0224

python3-perf-debuginfo: before 4.19.90-2311.1.0.0224

perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel-tools-debuginfo: before 4.19.90-2311.1.0.0224

python3-perf: before 4.19.90-2311.1.0.0224

bpftool-debuginfo: before 4.19.90-2311.1.0.0224

kernel-debugsource: before 4.19.90-2311.1.0.0224

kernel-debuginfo: before 4.19.90-2311.1.0.0224

python2-perf: before 4.19.90-2311.1.0.0224

kernel-source: before 4.19.90-2311.1.0.0224

kernel-tools: before 4.19.90-2311.1.0.0224

bpftool: before 4.19.90-2311.1.0.0224

perf: before 4.19.90-2311.1.0.0224

python2-perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel: before 4.19.90-2311.1.0.0224

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1779

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU75337

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45919

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_ca_en50221.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2311.1.0.0224

kernel-devel: before 4.19.90-2311.1.0.0224

python3-perf-debuginfo: before 4.19.90-2311.1.0.0224

perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel-tools-debuginfo: before 4.19.90-2311.1.0.0224

python3-perf: before 4.19.90-2311.1.0.0224

bpftool-debuginfo: before 4.19.90-2311.1.0.0224

kernel-debugsource: before 4.19.90-2311.1.0.0224

kernel-debuginfo: before 4.19.90-2311.1.0.0224

python2-perf: before 4.19.90-2311.1.0.0224

kernel-source: before 4.19.90-2311.1.0.0224

kernel-tools: before 4.19.90-2311.1.0.0224

bpftool: before 4.19.90-2311.1.0.0224

perf: before 4.19.90-2311.1.0.0224

python2-perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel: before 4.19.90-2311.1.0.0224

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1779

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU79496

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31083

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the hci_uart_tty_ioctl() function in drivers/bluetooth/hci_ldisc.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2311.1.0.0224

kernel-devel: before 4.19.90-2311.1.0.0224

python3-perf-debuginfo: before 4.19.90-2311.1.0.0224

perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel-tools-debuginfo: before 4.19.90-2311.1.0.0224

python3-perf: before 4.19.90-2311.1.0.0224

bpftool-debuginfo: before 4.19.90-2311.1.0.0224

kernel-debugsource: before 4.19.90-2311.1.0.0224

kernel-debuginfo: before 4.19.90-2311.1.0.0224

python2-perf: before 4.19.90-2311.1.0.0224

kernel-source: before 4.19.90-2311.1.0.0224

kernel-tools: before 4.19.90-2311.1.0.0224

bpftool: before 4.19.90-2311.1.0.0224

perf: before 4.19.90-2311.1.0.0224

python2-perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel: before 4.19.90-2311.1.0.0224

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1779

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Division by zero

EUVDB-ID: #VU82660

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31085

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide by zero error within the drivers/mtd/ubi/cdev.c driver. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2311.1.0.0224

kernel-devel: before 4.19.90-2311.1.0.0224

python3-perf-debuginfo: before 4.19.90-2311.1.0.0224

perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel-tools-debuginfo: before 4.19.90-2311.1.0.0224

python3-perf: before 4.19.90-2311.1.0.0224

bpftool-debuginfo: before 4.19.90-2311.1.0.0224

kernel-debugsource: before 4.19.90-2311.1.0.0224

kernel-debuginfo: before 4.19.90-2311.1.0.0224

python2-perf: before 4.19.90-2311.1.0.0224

kernel-source: before 4.19.90-2311.1.0.0224

kernel-tools: before 4.19.90-2311.1.0.0224

bpftool: before 4.19.90-2311.1.0.0224

perf: before 4.19.90-2311.1.0.0224

python2-perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel: before 4.19.90-2311.1.0.0224

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1779

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Deadlock

EUVDB-ID: #VU81900

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-34324

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2311.1.0.0224

kernel-devel: before 4.19.90-2311.1.0.0224

python3-perf-debuginfo: before 4.19.90-2311.1.0.0224

perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel-tools-debuginfo: before 4.19.90-2311.1.0.0224

python3-perf: before 4.19.90-2311.1.0.0224

bpftool-debuginfo: before 4.19.90-2311.1.0.0224

kernel-debugsource: before 4.19.90-2311.1.0.0224

kernel-debuginfo: before 4.19.90-2311.1.0.0224

python2-perf: before 4.19.90-2311.1.0.0224

kernel-source: before 4.19.90-2311.1.0.0224

kernel-tools: before 4.19.90-2311.1.0.0224

bpftool: before 4.19.90-2311.1.0.0224

perf: before 4.19.90-2311.1.0.0224

python2-perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel: before 4.19.90-2311.1.0.0224

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1779

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU81919

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-39194

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2311.1.0.0224

kernel-devel: before 4.19.90-2311.1.0.0224

python3-perf-debuginfo: before 4.19.90-2311.1.0.0224

perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel-tools-debuginfo: before 4.19.90-2311.1.0.0224

python3-perf: before 4.19.90-2311.1.0.0224

bpftool-debuginfo: before 4.19.90-2311.1.0.0224

kernel-debugsource: before 4.19.90-2311.1.0.0224

kernel-debuginfo: before 4.19.90-2311.1.0.0224

python2-perf: before 4.19.90-2311.1.0.0224

kernel-source: before 4.19.90-2311.1.0.0224

kernel-tools: before 4.19.90-2311.1.0.0224

bpftool: before 4.19.90-2311.1.0.0224

perf: before 4.19.90-2311.1.0.0224

python2-perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel: before 4.19.90-2311.1.0.0224

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1779

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU84354

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-45863

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2311.1.0.0224

kernel-devel: before 4.19.90-2311.1.0.0224

python3-perf-debuginfo: before 4.19.90-2311.1.0.0224

perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel-tools-debuginfo: before 4.19.90-2311.1.0.0224

python3-perf: before 4.19.90-2311.1.0.0224

bpftool-debuginfo: before 4.19.90-2311.1.0.0224

kernel-debugsource: before 4.19.90-2311.1.0.0224

kernel-debuginfo: before 4.19.90-2311.1.0.0224

python2-perf: before 4.19.90-2311.1.0.0224

kernel-source: before 4.19.90-2311.1.0.0224

kernel-tools: before 4.19.90-2311.1.0.0224

bpftool: before 4.19.90-2311.1.0.0224

perf: before 4.19.90-2311.1.0.0224

python2-perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel: before 4.19.90-2311.1.0.0224

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1779

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU83311

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5717

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1

kernel-tools-devel: before 4.19.90-2311.1.0.0224

kernel-devel: before 4.19.90-2311.1.0.0224

python3-perf-debuginfo: before 4.19.90-2311.1.0.0224

perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel-tools-debuginfo: before 4.19.90-2311.1.0.0224

python3-perf: before 4.19.90-2311.1.0.0224

bpftool-debuginfo: before 4.19.90-2311.1.0.0224

kernel-debugsource: before 4.19.90-2311.1.0.0224

kernel-debuginfo: before 4.19.90-2311.1.0.0224

python2-perf: before 4.19.90-2311.1.0.0224

kernel-source: before 4.19.90-2311.1.0.0224

kernel-tools: before 4.19.90-2311.1.0.0224

bpftool: before 4.19.90-2311.1.0.0224

perf: before 4.19.90-2311.1.0.0224

python2-perf-debuginfo: before 4.19.90-2311.1.0.0224

kernel: before 4.19.90-2311.1.0.0224

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1779

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.