{"schema_version":"1.7.2","id":"OESA-2023-1182","modified":"2023-03-24T11:05:05Z","published":"2023-03-24T11:05:05Z","upstream":["CVE-2023-1073","CVE-2023-1095"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw found in the Linux Kernel. The missing check causes a type confusion when issuing a list_entry()\non an empty report_list. The problem is caused by the assumption that the device must have valid report_list. While this will be true for all normal HID devices, a suitably malicious device can violate the assumption.\r\n\r\nReferences:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b12fece4c64857e5fab4290bf01b2e0317a88456\nhttps://www.openwall.com/lists/oss-security/2023/01/17/3(CVE-2023-1073)\r\n\r\nIn nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.(CVE-2023-1095)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2303.4.0.0193.oe1"}]}],"ecosystem_specific":{"aarch64":["python2-perf-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","perf-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","kernel-tools-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","kernel-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","bpftool-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","kernel-devel-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","python3-perf-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","kernel-source-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2303.4.0.0193.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2303.4.0.0193.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2303.4.0.0193.oe1.src.rpm"],"x86_64":["kernel-devel-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","bpftool-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","perf-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","kernel-source-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","python2-perf-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","kernel-tools-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","python3-perf-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2303.4.0.0193.oe1.x86_64.rpm","kernel-4.19.90-2303.4.0.0193.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1182"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1073"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1095"}],"database_specific":{"severity":"Medium"}}