An update for kernel is now available for openEuler-22.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1616 Final 1.0 1.0 2023-09-09 Initial 2023-09-09 2023-09-09 openEuler SA Tool V1.0 2023-09-09 kernel security update An update for kernel is now available for openEuler-22.03-LTS-SP2. The Linux Kernel, the operating system core itself. Security Fix(es): (CVE-2023-3865) (CVE-2023-3866) A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.(CVE-2023-4132) A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.(CVE-2023-4273) An update for kernel is now available for openEuler-22.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1616 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-3865 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-3866 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4132 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4273 https://nvd.nist.gov/vuln/detail/CVE-2023-3865 https://nvd.nist.gov/vuln/detail/CVE-2023-3866 https://nvd.nist.gov/vuln/detail/CVE-2023-4132 https://nvd.nist.gov/vuln/detail/CVE-2023-4273 openEuler-22.03-LTS-SP2 kernel-tools-debuginfo-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm kernel-debuginfo-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm kernel-headers-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm python3-perf-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm bpftool-debuginfo-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm python3-perf-debuginfo-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm perf-debuginfo-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm kernel-devel-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm kernel-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm perf-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm kernel-source-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm bpftool-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm kernel-debugsource-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm kernel-tools-devel-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm kernel-tools-5.10.0-153.26.0.102.oe2203sp2.aarch64.rpm kernel-5.10.0-153.26.0.102.oe2203sp2.src.rpm kernel-tools-debuginfo-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm perf-debuginfo-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm bpftool-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm kernel-debuginfo-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm kernel-tools-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm kernel-headers-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm python3-perf-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm kernel-devel-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm kernel-tools-devel-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm kernel-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm bpftool-debuginfo-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm perf-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm kernel-source-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm kernel-debugsource-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm python3-perf-debuginfo-5.10.0-153.26.0.102.oe2203sp2.x86_64.rpm 2023-09-09 CVE-2023-3865 openEuler-22.03-LTS-SP2 High 7.1 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:H kernel security update 2023-09-09 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1616 2023-09-09 CVE-2023-3866 openEuler-22.03-LTS-SP2 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-09-09 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1616 A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. 2023-09-09 CVE-2023-4132 openEuler-22.03-LTS-SP2 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-09-09 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1616 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. 2023-09-09 CVE-2023-4273 openEuler-22.03-LTS-SP2 Medium 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-09-09 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1616