Main Vulnerability Database SB2023070105

SB2023070105 - openEuler 22.03 LTS update for kernel

Published: July 1, 2023

Security Bulletin ID SB2023070105

Severity

Low

Patch available

YES

Number of vulnerabilities 6

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2023-1073)

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.

2) Memory leak (CVE-ID: CVE-2023-1074)

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.

3) NULL pointer dereference (CVE-ID: CVE-2023-1095)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the nf_tables_updtable() function within the netfilter subsystem. A local user can perform a denial of service (DoS) attack.

4) Use-after-free (CVE-ID: CVE-2023-3141)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.

5) Out-of-bounds read (CVE-ID: CVE-2023-3268)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the relay_file_read_start_pos() function in kernel/relay.c in the relayfs. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.

6) Use-after-free (CVE-ID: CVE-2023-35829)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rkvdec_remove() function in drivers/staging/media/rkvdec/rkvdec.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1381

Vulnerable Software

openEuler: 22.03 LTS
kernel-debuginfo: before 5.10.0-60.100.0.124
kernel-tools: before 5.10.0-60.100.0.124
kernel-tools-devel: before 5.10.0-60.100.0.124
kernel-source: before 5.10.0-60.100.0.124
bpftool: before 5.10.0-60.100.0.124
kernel-debugsource: before 5.10.0-60.100.0.124
python3-perf: before 5.10.0-60.100.0.124
perf: before 5.10.0-60.100.0.124
perf-debuginfo: before 5.10.0-60.100.0.124
python3-perf-debuginfo: before 5.10.0-60.100.0.124
kernel-devel: before 5.10.0-60.100.0.124
kernel-headers: before 5.10.0-60.100.0.124
bpftool-debuginfo: before 5.10.0-60.100.0.124
kernel-tools-debuginfo: before 5.10.0-60.100.0.124
kernel: before 5.10.0-60.100.0.124