{"schema_version":"1.7.2","id":"OESA-2024-1106","modified":"2024-01-26T11:06:52Z","published":"2024-01-26T11:06:52Z","upstream":["CVE-2022-48619","CVE-2024-0340","CVE-2024-0641"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.(CVE-2022-48619)\r\n\r\nA vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.(CVE-2024-0340)\r\n\r\nA denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.(CVE-2024-0641)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2401.5.0.0236.oe1"}]}],"ecosystem_specific":{"aarch64":["python2-perf-debuginfo-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","perf-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","kernel-devel-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","python2-perf-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","bpftool-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","kernel-source-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","python3-perf-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","kernel-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2401.5.0.0236.oe1.aarch64.rpm","kernel-tools-4.19.90-2401.5.0.0236.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2401.5.0.0236.oe1.src.rpm"],"x86_64":["kernel-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","kernel-source-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","kernel-tools-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","python3-perf-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","kernel-devel-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","python2-perf-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","perf-4.19.90-2401.5.0.0236.oe1.x86_64.rpm","bpftool-4.19.90-2401.5.0.0236.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2401.5.0.0262.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["kernel-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","kernel-devel-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","python2-perf-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","python2-perf-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","perf-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","kernel-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","python3-perf-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","kernel-tools-devel-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","bpftool-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","kernel-source-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","kernel-tools-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","python3-perf-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","bpftool-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","kernel-debugsource-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm","perf-4.19.90-2401.5.0.0262.oe2003sp4.aarch64.rpm"],"src":["kernel-4.19.90-2401.5.0.0262.oe2003sp4.src.rpm"],"x86_64":["perf-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","perf-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","python2-perf-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","python3-perf-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","kernel-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","kernel-source-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","kernel-devel-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","python2-perf-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","kernel-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","python3-perf-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","bpftool-debuginfo-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","bpftool-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","kernel-debugsource-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","kernel-tools-devel-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm","kernel-tools-4.19.90-2401.5.0.0262.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1106"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48619"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0340"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-0641"}],"database_specific":{"severity":"Medium"}}