{"id":"OESA-2023-1188","summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.(CVE-2022-27672)\r\n\r\nA flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.(CVE-2023-1079)\r\n\r\nIn the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-23004)\r\n\r\nA use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.(CVE-2023-1249)\r\n\r\n\nKernel: denial of service in tipc_conn_close(CVE-2023-1382)\r\n\r\ndo_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).(CVE-2023-28466)\r\n\r\nIn the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.(CVE-2022-48424)\r\n\r\nIn the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.(CVE-2022-48423)\r\n\r\nIn the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.(CVE-2022-48425)\r\n\r\nUse After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.(CVE-2023-1281)\n\nIn the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).(CVE-2023-22999)","modified":"2025-09-03T06:18:11.624116Z","published":"2023-03-31T11:05:05Z","upstream":["CVE-2022-27672","CVE-2022-48423","CVE-2022-48424","CVE-2022-48425","CVE-2023-1079","CVE-2023-1249","CVE-2023-1281","CVE-2023-1382","CVE-2023-22999","CVE-2023-23004","CVE-2023-28466"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1188"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27672"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1079"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23004"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1249"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1382"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28466"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48424"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48423"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48425"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1281"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22999"}],"affected":[{"package":{"name":"kernel","ecosystem":"openEuler:22.03-LTS","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-60.87.0.111.oe2203"}]}],"ecosystem_specific":{"aarch64":["bpftool-5.10.0-60.87.0.111.oe2203.aarch64.rpm","kernel-tools-devel-5.10.0-60.87.0.111.oe2203.aarch64.rpm","kernel-devel-5.10.0-60.87.0.111.oe2203.aarch64.rpm","perf-debuginfo-5.10.0-60.87.0.111.oe2203.aarch64.rpm","kernel-headers-5.10.0-60.87.0.111.oe2203.aarch64.rpm","kernel-5.10.0-60.87.0.111.oe2203.aarch64.rpm","perf-5.10.0-60.87.0.111.oe2203.aarch64.rpm","python3-perf-5.10.0-60.87.0.111.oe2203.aarch64.rpm","kernel-debuginfo-5.10.0-60.87.0.111.oe2203.aarch64.rpm","python3-perf-debuginfo-5.10.0-60.87.0.111.oe2203.aarch64.rpm","kernel-tools-5.10.0-60.87.0.111.oe2203.aarch64.rpm","kernel-source-5.10.0-60.87.0.111.oe2203.aarch64.rpm","bpftool-debuginfo-5.10.0-60.87.0.111.oe2203.aarch64.rpm","kernel-tools-debuginfo-5.10.0-60.87.0.111.oe2203.aarch64.rpm","kernel-debugsource-5.10.0-60.87.0.111.oe2203.aarch64.rpm"],"x86_64":["kernel-tools-debuginfo-5.10.0-60.87.0.111.oe2203.x86_64.rpm","python3-perf-debuginfo-5.10.0-60.87.0.111.oe2203.x86_64.rpm","perf-debuginfo-5.10.0-60.87.0.111.oe2203.x86_64.rpm","python3-perf-5.10.0-60.87.0.111.oe2203.x86_64.rpm","kernel-debugsource-5.10.0-60.87.0.111.oe2203.x86_64.rpm","kernel-tools-5.10.0-60.87.0.111.oe2203.x86_64.rpm","kernel-debuginfo-5.10.0-60.87.0.111.oe2203.x86_64.rpm","bpftool-5.10.0-60.87.0.111.oe2203.x86_64.rpm","kernel-devel-5.10.0-60.87.0.111.oe2203.x86_64.rpm","kernel-headers-5.10.0-60.87.0.111.oe2203.x86_64.rpm","kernel-source-5.10.0-60.87.0.111.oe2203.x86_64.rpm","bpftool-debuginfo-5.10.0-60.87.0.111.oe2203.x86_64.rpm","perf-5.10.0-60.87.0.111.oe2203.x86_64.rpm","kernel-5.10.0-60.87.0.111.oe2203.x86_64.rpm","kernel-tools-devel-5.10.0-60.87.0.111.oe2203.x86_64.rpm"],"src":["kernel-5.10.0-60.87.0.111.oe2203.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2023-1188.json"}}],"schema_version":"1.7.3"}