{"schema_version":"1.7.2","id":"OESA-2023-1423","modified":"2023-07-15T11:05:32Z","published":"2023-07-15T11:05:32Z","upstream":["CVE-2023-3389"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nA use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n(CVE-2023-3389)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-60.102.0.128.oe2203"}]}],"ecosystem_specific":{"aarch64":["bpftool-5.10.0-60.102.0.128.oe2203.aarch64.rpm","kernel-source-5.10.0-60.102.0.128.oe2203.aarch64.rpm","bpftool-debuginfo-5.10.0-60.102.0.128.oe2203.aarch64.rpm","kernel-headers-5.10.0-60.102.0.128.oe2203.aarch64.rpm","kernel-tools-5.10.0-60.102.0.128.oe2203.aarch64.rpm","kernel-debugsource-5.10.0-60.102.0.128.oe2203.aarch64.rpm","kernel-tools-devel-5.10.0-60.102.0.128.oe2203.aarch64.rpm","kernel-tools-debuginfo-5.10.0-60.102.0.128.oe2203.aarch64.rpm","perf-debuginfo-5.10.0-60.102.0.128.oe2203.aarch64.rpm","python3-perf-debuginfo-5.10.0-60.102.0.128.oe2203.aarch64.rpm","perf-5.10.0-60.102.0.128.oe2203.aarch64.rpm","kernel-debuginfo-5.10.0-60.102.0.128.oe2203.aarch64.rpm","kernel-devel-5.10.0-60.102.0.128.oe2203.aarch64.rpm","python3-perf-5.10.0-60.102.0.128.oe2203.aarch64.rpm","kernel-5.10.0-60.102.0.128.oe2203.aarch64.rpm"],"src":["kernel-5.10.0-60.102.0.128.oe2203.src.rpm"],"x86_64":["kernel-debugsource-5.10.0-60.102.0.128.oe2203.x86_64.rpm","kernel-tools-5.10.0-60.102.0.128.oe2203.x86_64.rpm","python3-perf-debuginfo-5.10.0-60.102.0.128.oe2203.x86_64.rpm","kernel-tools-debuginfo-5.10.0-60.102.0.128.oe2203.x86_64.rpm","python3-perf-5.10.0-60.102.0.128.oe2203.x86_64.rpm","perf-5.10.0-60.102.0.128.oe2203.x86_64.rpm","perf-debuginfo-5.10.0-60.102.0.128.oe2203.x86_64.rpm","bpftool-5.10.0-60.102.0.128.oe2203.x86_64.rpm","kernel-headers-5.10.0-60.102.0.128.oe2203.x86_64.rpm","bpftool-debuginfo-5.10.0-60.102.0.128.oe2203.x86_64.rpm","kernel-devel-5.10.0-60.102.0.128.oe2203.x86_64.rpm","kernel-debuginfo-5.10.0-60.102.0.128.oe2203.x86_64.rpm","kernel-source-5.10.0-60.102.0.128.oe2203.x86_64.rpm","kernel-tools-devel-5.10.0-60.102.0.128.oe2203.x86_64.rpm","kernel-5.10.0-60.102.0.128.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1423"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3389"}],"database_specific":{"severity":"High"}}