{"schema_version":"1.7.2","id":"OESA-2024-1282","modified":"2024-03-15T11:07:12Z","published":"2024-03-15T11:07:12Z","upstream":["CVE-2023-52439","CVE-2024-22099"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel, the following vulnerability has been resolved:\r\n\r\nuio: Fix use-after-free in uio_open\r\n\r\ncore-1\t\t\t\tcore-2\n-------------------------------------------------------\nuio_unregister_device\t\tuio_open\n\t\t\t\tidev = idr_find()\ndevice_unregister(\u0026amp;idev-\u0026gt;dev)\nput_device(\u0026amp;idev-\u0026gt;dev)\nuio_device_release\n\t\t\t\tget_device(\u0026amp;idev-\u0026gt;dev)\nkfree(idev)\nuio_free_minor(minor)\n\t\t\t\tuio_release\n\t\t\t\tput_device(\u0026amp;idev-\u0026gt;dev)\n\t\t\t\tkfree(idev)\n-------------------------------------------------------\r\n\r\nIn the core-1 uio_unregister_device(), the device_unregister will kfree\nidev when the idev-\u0026gt;dev kobject ref is 1. But after core-1\ndevice_unregister, put_device and before doing kfree, the core-2 may\nget_device. Then:\n1. After core-1 kfree idev, the core-2 will do use-after-free for idev.\n2. When core-2 do uio_release and put_device, the idev will be double\n   freed.\r\n\r\nTo address this issue, we can get idev atomic \u0026amp; inc idev reference with\nminor_lock.(CVE-2023-52439)\r\n\r\nNULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\r\n\r\nThis issue affects Linux kernel: v2.6.12-rc2.\r\n\r\n(CVE-2024-22099)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2403.2.0.0269.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["kernel-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","python2-perf-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","bpftool-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","python3-perf-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","kernel-devel-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","kernel-tools-devel-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","kernel-tools-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","perf-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","python2-perf-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","perf-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","kernel-debugsource-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","python3-perf-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","bpftool-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","kernel-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm","kernel-source-4.19.90-2403.2.0.0269.oe2003sp4.aarch64.rpm"],"src":["kernel-4.19.90-2403.2.0.0269.oe2003sp4.src.rpm"],"x86_64":["kernel-tools-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","python3-perf-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","python2-perf-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","python2-perf-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","kernel-debugsource-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","kernel-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","kernel-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","kernel-tools-devel-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","bpftool-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","perf-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","bpftool-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","perf-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","kernel-devel-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","kernel-source-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm","python3-perf-debuginfo-4.19.90-2403.2.0.0269.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1282"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52439"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22099"}],"database_specific":{"severity":"High"}}