An update for kernel is now available for openEuler-22.03-LTS-SP1

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2023-1072
Status: Final
Version: 1.0
Revision history: 1.0, 2023-02-10, Initial
Initial release date: 2023-02-10
Current release date: 2023-02-10
Generator: openEuler SA Tool V1.0, 2023-02-10

Synopsis: kernel security update

Summary: An update for kernel is now available for openEuler-22.03-LTS-SP1.

Description: The Linux Kernel, the operating system core itself.

Security Fix(es):

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. (CVE-2023-0179)

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23455)

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)

Topic: An update for kernel is now available for openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: High
Affected component: kernel

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1072
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-0179
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23455
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23454
https://nvd.nist.gov/vuln/detail/CVE-2023-0179
https://nvd.nist.gov/vuln/detail/CVE-2023-23455
https://nvd.nist.gov/vuln/detail/CVE-2023-23454

Affected product: openEuler-22.03-LTS-SP1

Packages (aarch64):
kernel-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
kernel-headers-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
perf-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
bpftool-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
python3-perf-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
perf-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
kernel-tools-devel-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
kernel-devel-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
kernel-tools-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
kernel-tools-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
kernel-debugsource-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
python3-perf-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
kernel-source-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
bpftool-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm
kernel-debuginfo-5.10.0-136.17.0.93.oe2203sp1.aarch64.rpm

Packages (src):
kernel-5.10.0-136.17.0.93.oe2203sp1.src.rpm

Packages (x86_64):
kernel-debugsource-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
perf-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
kernel-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
perf-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
kernel-tools-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
kernel-source-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
python3-perf-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
bpftool-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
kernel-tools-devel-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
kernel-devel-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
kernel-headers-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
kernel-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
python3-perf-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
bpftool-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm
kernel-tools-debuginfo-5.10.0-136.17.0.93.oe2203sp1.x86_64.rpm

CVE-2023-0179
Description: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
Release date: 2023-02-10
Fixed product: openEuler-22.03-LTS-SP1
Impact: High
CVSS base score: 7.8
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Remediation: kernel security update
Remediation date: 2023-02-10
Remediation URL: https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1072

CVE-2023-23455
Description: atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Release date: 2023-02-10
Fixed product: openEuler-22.03-LTS-SP1
Impact: Medium
CVSS base score: 5.5
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Remediation: kernel security update
Remediation date: 2023-02-10
Remediation URL: https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1072

CVE-2023-23454
Description: cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Release date: 2023-02-10
Fixed product: openEuler-22.03-LTS-SP1
Impact: Medium
CVSS base score: 5.5
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Remediation: kernel security update
Remediation date: 2023-02-10
Remediation URL: https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1072