{"schema_version":"1.7.2","id":"OESA-2023-1084","modified":"2023-02-17T11:04:53Z","published":"2023-02-17T11:04:53Z","upstream":["CVE-2022-3707","CVE-2023-0394","CVE-2023-0590"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.(CVE-2022-3707)\r\n\r\nA NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.(CVE-2023-0394)\r\n\r\nA use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem leading to a denial-of-service problem. \r\n\r\nReference:\nhttps://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/\r\n\r\n\nCrash:\n    BUG: KASAN: use-after-free in __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066\n    Read of size 4 at addr ffff88802065e038 by task syz-executor.4/21027\n    \n    CPU: 0 PID: 21027 Comm: syz-executor.4 Not tainted 6.0.0-rc3-syzkaller-00363-g7726d4c3e60b #0\n    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022\n    Call Trace:\n    \u0026lt;TASK\u0026gt;\n    __dump_stack lib/dump_stack.c:88 [inline]\n    dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n    print_address_description mm/kasan/report.c:317 [inline]\n    print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n    kasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n    __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066\n    __tcf_qdisc_find net/sched/cls_api.c:1051 [inline]\n    tc_new_tfilter+0x34f/0x2200 net/sched/cls_api.c:2018\n    rtnetlink_rcv_msg+0x955/0xca0 net/core/rtnetlink.c:6081\n    netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2501\n    netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n    netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345\n    netlink_sendmsg+0x917/0xe10 net/netlink/af_netlink.c:1921\n    sock_sendmsg_nosec net/socket.c:714 [inline]\n    sock_sendmsg+0xcf/0x120 net/socket.c:734\n    ____sys_sendmsg+0x6eb/0x810 net/socket.c:2482\n    ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536\n    __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565\n    do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n    entry_SYSCALL_64_after_hwframe+0x63/0xcd\n    RIP: 0033:0x7f5efaa89279(CVE-2023-0590)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-60.80.0.104.oe2203"}]}],"ecosystem_specific":{"aarch64":["kernel-headers-5.10.0-60.80.0.104.oe2203.aarch64.rpm","perf-5.10.0-60.80.0.104.oe2203.aarch64.rpm","kernel-tools-devel-5.10.0-60.80.0.104.oe2203.aarch64.rpm","kernel-debugsource-5.10.0-60.80.0.104.oe2203.aarch64.rpm","kernel-tools-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm","kernel-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm","bpftool-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm","python3-perf-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm","kernel-tools-5.10.0-60.80.0.104.oe2203.aarch64.rpm","kernel-devel-5.10.0-60.80.0.104.oe2203.aarch64.rpm","perf-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm","bpftool-5.10.0-60.80.0.104.oe2203.aarch64.rpm","kernel-source-5.10.0-60.80.0.104.oe2203.aarch64.rpm","kernel-5.10.0-60.80.0.104.oe2203.aarch64.rpm","python3-perf-5.10.0-60.80.0.104.oe2203.aarch64.rpm"],"src":["kernel-5.10.0-60.80.0.104.oe2203.src.rpm"],"x86_64":["perf-5.10.0-60.80.0.104.oe2203.x86_64.rpm","kernel-devel-5.10.0-60.80.0.104.oe2203.x86_64.rpm","kernel-tools-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm","python3-perf-5.10.0-60.80.0.104.oe2203.x86_64.rpm","kernel-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm","kernel-source-5.10.0-60.80.0.104.oe2203.x86_64.rpm","bpftool-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm","kernel-debugsource-5.10.0-60.80.0.104.oe2203.x86_64.rpm","bpftool-5.10.0-60.80.0.104.oe2203.x86_64.rpm","perf-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm","kernel-5.10.0-60.80.0.104.oe2203.x86_64.rpm","kernel-tools-5.10.0-60.80.0.104.oe2203.x86_64.rpm","python3-perf-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm","kernel-tools-devel-5.10.0-60.80.0.104.oe2203.x86_64.rpm","kernel-headers-5.10.0-60.80.0.104.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1084"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3707"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0394"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0590"}],"database_specific":{"severity":"High"}}