{"schema_version":"1.7.2","id":"OESA-2023-1152","modified":"2023-03-10T11:05:01Z","published":"2023-03-10T11:05:01Z","upstream":["CVE-2023-23586","CVE-2023-26607"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nDue to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring\u0026apos;s io_worker threads, thus it is possible to insert a time namespace\u0026apos;s vvar page to process\u0026apos;s memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process\u0026apos; memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring(CVE-2023-23586)\r\n\r\nIn the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.(CVE-2023-26607)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-60.84.0.108.oe2203"}]}],"ecosystem_specific":{"aarch64":["kernel-headers-5.10.0-60.84.0.108.oe2203.aarch64.rpm","bpftool-5.10.0-60.84.0.108.oe2203.aarch64.rpm","kernel-tools-debuginfo-5.10.0-60.84.0.108.oe2203.aarch64.rpm","kernel-tools-devel-5.10.0-60.84.0.108.oe2203.aarch64.rpm","perf-debuginfo-5.10.0-60.84.0.108.oe2203.aarch64.rpm","kernel-5.10.0-60.84.0.108.oe2203.aarch64.rpm","python3-perf-debuginfo-5.10.0-60.84.0.108.oe2203.aarch64.rpm","perf-5.10.0-60.84.0.108.oe2203.aarch64.rpm","kernel-devel-5.10.0-60.84.0.108.oe2203.aarch64.rpm","kernel-debugsource-5.10.0-60.84.0.108.oe2203.aarch64.rpm","kernel-source-5.10.0-60.84.0.108.oe2203.aarch64.rpm","kernel-tools-5.10.0-60.84.0.108.oe2203.aarch64.rpm","bpftool-debuginfo-5.10.0-60.84.0.108.oe2203.aarch64.rpm","python3-perf-5.10.0-60.84.0.108.oe2203.aarch64.rpm","kernel-debuginfo-5.10.0-60.84.0.108.oe2203.aarch64.rpm"],"src":["kernel-5.10.0-60.84.0.108.oe2203.src.rpm"],"x86_64":["kernel-tools-devel-5.10.0-60.84.0.108.oe2203.x86_64.rpm","bpftool-5.10.0-60.84.0.108.oe2203.x86_64.rpm","kernel-devel-5.10.0-60.84.0.108.oe2203.x86_64.rpm","perf-debuginfo-5.10.0-60.84.0.108.oe2203.x86_64.rpm","kernel-5.10.0-60.84.0.108.oe2203.x86_64.rpm","kernel-debuginfo-5.10.0-60.84.0.108.oe2203.x86_64.rpm","python3-perf-5.10.0-60.84.0.108.oe2203.x86_64.rpm","python3-perf-debuginfo-5.10.0-60.84.0.108.oe2203.x86_64.rpm","kernel-debugsource-5.10.0-60.84.0.108.oe2203.x86_64.rpm","bpftool-debuginfo-5.10.0-60.84.0.108.oe2203.x86_64.rpm","kernel-source-5.10.0-60.84.0.108.oe2203.x86_64.rpm","perf-5.10.0-60.84.0.108.oe2203.x86_64.rpm","kernel-tools-debuginfo-5.10.0-60.84.0.108.oe2203.x86_64.rpm","kernel-tools-5.10.0-60.84.0.108.oe2203.x86_64.rpm","kernel-headers-5.10.0-60.84.0.108.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1152"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23586"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26607"}],"database_specific":{"severity":"High"}}