{"schema_version":"1.7.2","id":"OESA-2024-1030","modified":"2024-01-12T11:06:42Z","published":"2024-01-12T11:06:42Z","upstream":["CVE-2021-33630","CVE-2021-33631","CVE-2023-6121","CVE-2023-6931","CVE-2023-6932"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nopeneuler-linux-kernel-4.19.0-cbs_destroy-NULL-ptr-deref-391216(CVE-2021-33630)\r\n\r\nopeneuler-linux-kernel-5.10.149-ext4_write_inline_data-kernel_bug-365020(CVE-2021-33631)\r\n\r\nAn out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).(CVE-2023-6121)\r\n\r\nA heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.\r\n\r\nA perf_event's read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group().\r\n\r\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.\r\n\r\n(CVE-2023-6931)\r\n\r\nA use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\r\n\r\nA race condition can be exploited to cause a timer to be mistakenly registered on an RCU read locked object which is freed by another thread.\r\n\r\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.\r\n\r\n(CVE-2023-6932)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2401.3.0.0234.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-tools-devel-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","bpftool-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","kernel-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","python2-perf-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","perf-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","kernel-devel-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","kernel-source-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","kernel-tools-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","python3-perf-4.19.90-2401.3.0.0234.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2401.3.0.0234.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2401.3.0.0234.oe1.src.rpm"],"x86_64":["kernel-source-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","python3-perf-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","perf-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","python2-perf-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","kernel-tools-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","kernel-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","bpftool-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","kernel-devel-4.19.90-2401.3.0.0234.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2401.3.0.0234.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1030"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33630"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33631"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6121"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6931"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6932"}],"database_specific":{"severity":"High"}}