{"schema_version":"1.7.2","id":"OESA-2023-1842","modified":"2023-11-17T11:06:19Z","published":"2023-11-17T11:06:19Z","upstream":["CVE-2022-45884","CVE-2023-3327","CVE-2023-39198","CVE-2023-4623"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.(CVE-2022-45884)\r\n\r\nRejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2023-3327)\r\n\r\nA race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.(CVE-2023-39198)\r\n\r\nA use-after-free vulnerability in the Linux kernel\u0026apos;s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\r\n\r\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\r\n\r\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.\r\n\r\n(CVE-2023-4623)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2311.3.0.0226.oe1"}]}],"ecosystem_specific":{"aarch64":["python2-perf-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","kernel-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","kernel-devel-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","bpftool-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","kernel-tools-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","kernel-source-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","perf-4.19.90-2311.3.0.0226.oe1.aarch64.rpm","python3-perf-4.19.90-2311.3.0.0226.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2311.3.0.0226.oe1.src.rpm"],"x86_64":["kernel-devel-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","perf-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","kernel-tools-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","bpftool-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","python2-perf-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","python3-perf-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","kernel-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2311.3.0.0226.oe1.x86_64.rpm","kernel-source-4.19.90-2311.3.0.0226.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1842"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45884"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3327"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39198"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4623"}],"database_specific":{"severity":"High"}}