483 lines
40 KiB
XML
483 lines
40 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
||
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
|
||
<DocumentTitle xml:lang="en">An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1</DocumentTitle>
|
||
<DocumentType>Security Advisory</DocumentType>
|
||
<DocumentPublisher Type="Vendor">
|
||
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
|
||
<IssuingAuthority>openEuler security committee</IssuingAuthority>
|
||
</DocumentPublisher>
|
||
<DocumentTracking>
|
||
<Identification>
|
||
<ID>openEuler-SA-2023-1284</ID>
|
||
</Identification>
|
||
<Status>Final</Status>
|
||
<Version>1.0</Version>
|
||
<RevisionHistory>
|
||
<Revision>
|
||
<Number>1.0</Number>
|
||
<Date>2023-05-19</Date>
|
||
<Description>Initial</Description>
|
||
</Revision>
|
||
</RevisionHistory>
|
||
<InitialReleaseDate>2023-05-19</InitialReleaseDate>
|
||
<CurrentReleaseDate>2023-05-19</CurrentReleaseDate>
|
||
<Generator>
|
||
<Engine>openEuler SA Tool V1.0</Engine>
|
||
<Date>2023-05-19</Date>
|
||
</Generator>
|
||
</DocumentTracking>
|
||
<DocumentNotes>
|
||
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">kernel security update</Note>
|
||
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.</Note>
|
||
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">The Linux Kernel, the operating system core itself.
|
||
|
||
Security Fix(es):
|
||
|
||
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.(CVE-2023-2002)
|
||
|
||
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11(CVE-2023-0458)
|
||
|
||
In emac_probe, &adpt->work_thread is bound with emac_work_thread. Then it will be started by timeout handler emac_tx_timeout or a IRQ handler emac_isr. If we remove the driver which will call emac_remove to make cleanup, there may be a unfinished work. This could lead to a use-after-free.
|
||
|
||
Upstream fix:
|
||
https://github.com/torvalds/linux/commit/6b6bc5b8bd2d(CVE-2023-2483)
|
||
|
||
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.(CVE-2023-32269)
|
||
|
||
In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size.(CVE-2023-26544)
|
||
|
||
No description is available for this CVE(CVE-2023-0459)
|
||
|
||
A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.(CVE-2023-2177)
|
||
|
||
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.(CVE-2023-2513)</Note>
|
||
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.
|
||
|
||
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
|
||
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
|
||
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">kernel</Note>
|
||
</DocumentNotes>
|
||
<DocumentReferences>
|
||
<Reference Type="Self">
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1284</URL>
|
||
</Reference>
|
||
<Reference Type="openEuler CVE">
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-2002</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-0458</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-2483</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32269</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-26544</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-0459</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-2177</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-2513</URL>
|
||
</Reference>
|
||
<Reference Type="Other">
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-2002</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-0458</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-2483</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-32269</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-26544</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-0459</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-2177</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-2513</URL>
|
||
</Reference>
|
||
</DocumentReferences>
|
||
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
|
||
<Branch Type="Product Name" Name="openEuler">
|
||
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
|
||
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
|
||
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
|
||
<FullProductName ProductID="openEuler-22.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">openEuler-22.03-LTS-SP1</FullProductName>
|
||
</Branch>
|
||
<Branch Type="Package Arch" Name="aarch64">
|
||
<FullProductName ProductID="perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-devel-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debugsource-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-devel-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-source-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-source-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-devel-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debugsource-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-devel-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debuginfo-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-4.19.90-2305.2.0.0201.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-devel-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-debuginfo-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-source-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-devel-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-headers-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-headers-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debuginfo-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debugsource-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-debuginfo-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-debuginfo-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-debuginfo-5.10.0-60.94.0.118.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-tools-debuginfo-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">bpftool-debuginfo-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">bpftool-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-devel-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-tools-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-debugsource-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-tools-devel-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">perf-debuginfo-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">python3-perf-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-source-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-debuginfo-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-headers-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-headers-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">perf-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">python3-perf-debuginfo-5.10.0-136.32.0.108.oe2203sp1.aarch64.rpm</FullProductName>
|
||
</Branch>
|
||
<Branch Type="Package Arch" Name="src">
|
||
<FullProductName ProductID="kernel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-4.19.90-2305.2.0.0201.oe1.src.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-4.19.90-2305.2.0.0201.oe1.src.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.94.0.118.oe2203.src.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-5.10.0-136.32.0.108.oe2203sp1.src.rpm</FullProductName>
|
||
</Branch>
|
||
<Branch Type="Package Arch" Name="x86_64">
|
||
<FullProductName ProductID="kernel-source-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-source-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-devel-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debugsource-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-devel-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-devel-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debugsource-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-source-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-debuginfo-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-4.19.90-2305.2.0.0201" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-devel-4.19.90-2305.2.0.0201.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-headers-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-headers-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-debuginfo-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-debuginfo-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-devel-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-debuginfo-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-devel-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-debuginfo-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debugsource-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-source-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-5.10.0-60.94.0.118" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debuginfo-5.10.0-60.94.0.118.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">perf-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">perf-debuginfo-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-tools-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-source-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-headers-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-headers-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-debugsource-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-devel-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-debuginfo-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">python3-perf-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-tools-devel-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-tools-debuginfo-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">python3-perf-debuginfo-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">bpftool-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">kernel-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-5.10.0-136.32.0.108" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">bpftool-debuginfo-5.10.0-136.32.0.108.oe2203sp1.x86_64.rpm</FullProductName>
|
||
</Branch>
|
||
</ProductTree>
|
||
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2023-05-19</ReleaseDate>
|
||
<CVE>CVE-2023-2002</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>High</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>7.8</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2023-05-19</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1284</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the rlim variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11</Note>
|
||
</Notes>
|
||
<ReleaseDate>2023-05-19</ReleaseDate>
|
||
<CVE>CVE-2023-0458</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>4.7</BaseScore>
|
||
<Vector>AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2023-05-19</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1284</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">In emac_probe, &adpt->work_thread is bound with emac_work_thread. Then it will be started by timeout handler emac_tx_timeout or a IRQ handler emac_isr. If we remove the driver which will call emac_remove to make cleanup, there may be a unfinished work. This could lead to a use-after-free.Upstream fix:https://github.com/torvalds/linux/commit/6b6bc5b8bd2d</Note>
|
||
</Notes>
|
||
<ReleaseDate>2023-05-19</ReleaseDate>
|
||
<CVE>CVE-2023-2483</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>6.4</BaseScore>
|
||
<Vector>AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2023-05-19</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1284</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2023-05-19</ReleaseDate>
|
||
<CVE>CVE-2023-32269</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>6.7</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2023-05-19</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1284</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2023-05-19</ReleaseDate>
|
||
<CVE>CVE-2023-26544</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>High</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>7.8</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2023-05-19</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1284</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="6" xml:lang="en">No description is available for this CVE.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2023-05-19</ReleaseDate>
|
||
<CVE>CVE-2023-0459</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>5.3</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2023-05-19</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1284</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="7" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="7" xml:lang="en">A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2023-05-19</ReleaseDate>
|
||
<CVE>CVE-2023-2177</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>5.5</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2023-05-19</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1284</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="8" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="8" xml:lang="en">A use-after-free vulnerability was found in the Linux kernel s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2023-05-19</ReleaseDate>
|
||
<CVE>CVE-2023-2513</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>6.7</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2023-05-19</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1284</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
</cvrfdoc> |