An update for kernel is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1841 Final 1.0 1.0 2023-11-17 Initial 2023-11-17 2023-11-17 openEuler SA Tool V1.0 2023-11-17 kernel security update An update for kernel is now available for openEuler-20.03-LTS-SP1. The Linux Kernel, the operating system core itself. Security Fix(es): An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.(CVE-2022-45884) Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2023-3327) A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.(CVE-2023-39198) A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (CVE-2023-4623) An update for kernel is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1841 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45884 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-3327 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-39198 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4623 https://nvd.nist.gov/vuln/detail/CVE-2022-45884 https://nvd.nist.gov/vuln/detail/CVE-2023-3327 https://nvd.nist.gov/vuln/detail/CVE-2023-39198 https://nvd.nist.gov/vuln/detail/CVE-2023-4623 openEuler-20.03-LTS-SP1 kernel-tools-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm kernel-devel-4.19.90-2311.3.0.0226.oe1.aarch64.rpm kernel-debugsource-4.19.90-2311.3.0.0226.oe1.aarch64.rpm kernel-source-4.19.90-2311.3.0.0226.oe1.aarch64.rpm kernel-tools-4.19.90-2311.3.0.0226.oe1.aarch64.rpm python3-perf-4.19.90-2311.3.0.0226.oe1.aarch64.rpm perf-4.19.90-2311.3.0.0226.oe1.aarch64.rpm kernel-4.19.90-2311.3.0.0226.oe1.aarch64.rpm python2-perf-4.19.90-2311.3.0.0226.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm perf-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2311.3.0.0226.oe1.aarch64.rpm bpftool-4.19.90-2311.3.0.0226.oe1.aarch64.rpm kernel-4.19.90-2311.3.0.0226.oe1.src.rpm perf-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm kernel-source-4.19.90-2311.3.0.0226.oe1.x86_64.rpm kernel-4.19.90-2311.3.0.0226.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm kernel-tools-4.19.90-2311.3.0.0226.oe1.x86_64.rpm perf-4.19.90-2311.3.0.0226.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2311.3.0.0226.oe1.x86_64.rpm kernel-devel-4.19.90-2311.3.0.0226.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm kernel-debugsource-4.19.90-2311.3.0.0226.oe1.x86_64.rpm python3-perf-4.19.90-2311.3.0.0226.oe1.x86_64.rpm python2-perf-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm bpftool-4.19.90-2311.3.0.0226.oe1.x86_64.rpm python2-perf-4.19.90-2311.3.0.0226.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. 2023-11-17 CVE-2022-45884 openEuler-20.03-LTS-SP1 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-11-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1841 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 2023-11-17 CVE-2023-3327 openEuler-20.03-LTS-SP1 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-11-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1841 A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. 2023-11-17 CVE-2023-39198 openEuler-20.03-LTS-SP1 High 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H kernel security update 2023-11-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1841 A use-after-free vulnerability in the Linux kernel s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. 2023-11-17 CVE-2023-4623 openEuler-20.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-11-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1841