{"schema_version":"1.7.2","id":"OESA-2023-1845","modified":"2023-11-17T11:06:20Z","published":"2023-11-17T11:06:20Z","upstream":["CVE-2022-45884","CVE-2023-3327","CVE-2023-39198","CVE-2023-4623","CVE-2023-5197"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.(CVE-2022-45884)\r\n\r\nRejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.(CVE-2023-3327)\r\n\r\nA race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.(CVE-2023-39198)\r\n\r\nA use-after-free vulnerability in the Linux kernel\u0026apos;s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\r\n\r\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\r\n\r\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.\r\n\r\n(CVE-2023-4623)\r\n\r\nA use-after-free vulnerability in the Linux kernel\u0026apos;s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\r\n\r\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.\r\n\r\n(CVE-2023-5197)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP2","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-22.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-153.33.0.110.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["bpftool-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","perf-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","bpftool-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","python3-perf-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","kernel-devel-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","kernel-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","python3-perf-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","kernel-tools-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","kernel-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","kernel-tools-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","kernel-source-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","kernel-tools-devel-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","kernel-debugsource-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","kernel-headers-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm","perf-debuginfo-5.10.0-153.33.0.110.oe2203sp2.aarch64.rpm"],"src":["kernel-5.10.0-153.33.0.110.oe2203sp2.src.rpm"],"x86_64":["bpftool-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","kernel-debugsource-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","kernel-headers-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","perf-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","kernel-tools-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","bpftool-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","kernel-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","kernel-tools-devel-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","python3-perf-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","kernel-devel-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","kernel-tools-debuginfo-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","kernel-source-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","python3-perf-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","kernel-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm","perf-5.10.0-153.33.0.110.oe2203sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1845"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45884"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3327"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39198"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4623"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5197"}],"database_specific":{"severity":"High"}}