An update for kernel is now available for openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1084 Final 1.0 1.0 2023-02-17 Initial 2023-02-17 2023-02-17 openEuler SA Tool V1.0 2023-02-17 kernel security update An update for kernel is now available for openEuler-22.03-LTS. The Linux Kernel, the operating system core itself. Security Fix(es): A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.(CVE-2022-3707) A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.(CVE-2023-0394) A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem leading to a denial-of-service problem. Reference: https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/ Crash: BUG: KASAN: use-after-free in __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066 Read of size 4 at addr ffff88802065e038 by task syz-executor.4/21027 CPU: 0 PID: 21027 Comm: syz-executor.4 Not tainted 6.0.0-rc3-syzkaller-00363-g7726d4c3e60b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:317 [inline] print_report.cold+0x2ba/0x719 mm/kasan/report.c:433 kasan_report+0xb1/0x1e0 mm/kasan/report.c:495 __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066 __tcf_qdisc_find net/sched/cls_api.c:1051 [inline] tc_new_tfilter+0x34f/0x2200 net/sched/cls_api.c:2018 rtnetlink_rcv_msg+0x955/0xca0 net/core/rtnetlink.c:6081 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2501 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x917/0xe10 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:734 ____sys_sendmsg+0x6eb/0x810 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5efaa89279(CVE-2023-0590) An update for kernel is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1084 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3707 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-0394 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-0590 https://nvd.nist.gov/vuln/detail/CVE-2022-3707 https://nvd.nist.gov/vuln/detail/CVE-2023-0394 https://nvd.nist.gov/vuln/detail/CVE-2023-0590 openEuler-22.03-LTS kernel-headers-5.10.0-60.80.0.104.oe2203.aarch64.rpm perf-5.10.0-60.80.0.104.oe2203.aarch64.rpm kernel-tools-devel-5.10.0-60.80.0.104.oe2203.aarch64.rpm kernel-debugsource-5.10.0-60.80.0.104.oe2203.aarch64.rpm kernel-tools-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm kernel-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm bpftool-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm python3-perf-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm kernel-tools-5.10.0-60.80.0.104.oe2203.aarch64.rpm kernel-devel-5.10.0-60.80.0.104.oe2203.aarch64.rpm perf-debuginfo-5.10.0-60.80.0.104.oe2203.aarch64.rpm bpftool-5.10.0-60.80.0.104.oe2203.aarch64.rpm kernel-source-5.10.0-60.80.0.104.oe2203.aarch64.rpm kernel-5.10.0-60.80.0.104.oe2203.aarch64.rpm python3-perf-5.10.0-60.80.0.104.oe2203.aarch64.rpm kernel-5.10.0-60.80.0.104.oe2203.src.rpm perf-5.10.0-60.80.0.104.oe2203.x86_64.rpm kernel-devel-5.10.0-60.80.0.104.oe2203.x86_64.rpm kernel-tools-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm python3-perf-5.10.0-60.80.0.104.oe2203.x86_64.rpm kernel-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm kernel-source-5.10.0-60.80.0.104.oe2203.x86_64.rpm bpftool-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm kernel-debugsource-5.10.0-60.80.0.104.oe2203.x86_64.rpm bpftool-5.10.0-60.80.0.104.oe2203.x86_64.rpm perf-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm kernel-5.10.0-60.80.0.104.oe2203.x86_64.rpm kernel-tools-5.10.0-60.80.0.104.oe2203.x86_64.rpm python3-perf-debuginfo-5.10.0-60.80.0.104.oe2203.x86_64.rpm kernel-tools-devel-5.10.0-60.80.0.104.oe2203.x86_64.rpm kernel-headers-5.10.0-60.80.0.104.oe2203.x86_64.rpm A deouble-free flaw in the Linux Kernel Intel GVT-g graphics driver found. The problem happens when some system resource on high cost. One way to trigger is to make dma high load. When it gets into the situation when function intel_gvt_dma_map_guest_page failed, the flaw being triggered.Reference:https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/ 2023-02-17 CVE-2022-3707 openEuler-22.03-LTS Medium 5.1 AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-02-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1084 A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. 2023-02-17 CVE-2023-0394 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-02-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1084 A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem leading to a denial-of-service problem. Reference:https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/Crash: BUG: KASAN: use-after-free in __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066 Read of size 4 at addr ffff88802065e038 by task syz-executor.4/21027 CPU: 0 PID: 21027 Comm: syz-executor.4 Not tainted 6.0.0-rc3-syzkaller-00363-g7726d4c3e60b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:317 [inline] print_report.cold+0x2ba/0x719 mm/kasan/report.c:433 kasan_report+0xb1/0x1e0 mm/kasan/report.c:495 __tcf_qdisc_find.part.0+0xa3a/0xac0 net/sched/cls_api.c:1066 __tcf_qdisc_find net/sched/cls_api.c:1051 [inline] tc_new_tfilter+0x34f/0x2200 net/sched/cls_api.c:2018 rtnetlink_rcv_msg+0x955/0xca0 net/core/rtnetlink.c:6081 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2501 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x917/0xe10 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:734 ____sys_sendmsg+0x6eb/0x810 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5efaa89279 2023-02-17 CVE-2023-0590 openEuler-22.03-LTS High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-02-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1084