SB2023041495 - openEuler 20.03 LTS SP3 update for kernel

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Race condition (CVE-ID: CVE-2023-1582)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within fs/proc/task_mmu.c. A local user can exploit the race and crash the kernel.

2) Use-after-free (CVE-ID: CVE-2023-1611)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can trigger a use-after-free error and crash the kernel.

3) Memory leak (CVE-ID: CVE-2021-3923)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak within RDMA over infiniband implementation in Linux kernel. A local user can force the application to leak memory by sensing commands to the /dev/infiniband/rdma_cm device node and gain access to sensitive information.

4) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2023-1637)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due speculative execution behavior in the Linux kernel X86 CPU Power management options functionality. A local user can gain access to sensitive information.

5) Use-after-free (CVE-ID: CVE-2023-1670)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user can trigger a use-after-free error and execute arbitrary code on the system.

6) Use-after-free (CVE-ID: CVE-2023-1838)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the vhost_net_set_backend() function in drivers/vhost/net.c. A local user can trigger a use-after-free error and crash the kernel.

7) Use-after-free (CVE-ID: CVE-2023-1855)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xgene_hwmon_remove() function in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). A local user can trigger a use-after-free error and execute arbitrary code on the system.

8) Use-after-free (CVE-ID: CVE-2023-1859)

The vulnerability allows a malicious guest to gain access to sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the xen_9pfs_front_removet() function in net/9p/trans_xen.c in Xen transport for 9pfs. A malicious guest VM can trigger a use-after-free error and gain access to sensitive information of the hypervisor or crash it.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1229