jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
cvrf2cusa/cvrf/2023/cvrf-openEuler-SA-2023-1614.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

228 lines
14 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for kernel is now available for openEuler-22.03-LTS</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2023-1614</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2023-09-09</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2023-09-09</InitialReleaseDate>
<CurrentReleaseDate>2023-09-09</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2023-09-09</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">kernel security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for kernel is now available for openEuler-22.03-LTS.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">The Linux Kernel, the operating system core itself.
Security Fix(es):
(CVE-2023-3865)
(CVE-2023-3866)
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.(CVE-2023-4132)
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.(CVE-2023-4273)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for kernel is now available for openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">kernel</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-3865</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-3866</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4132</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4273</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-3865</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-3866</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-4132</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-4273</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="kernel-devel-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-devel-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-source-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-source-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="bpftool-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-devel-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-devel-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="perf-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-debugsource-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debugsource-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-headers-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-headers-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="perf-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="bpftool-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debuginfo-5.10.0-60.110.0.137.oe2203.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="kernel-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.110.0.137.oe2203.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="python3-perf-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="perf-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-devel-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-devel-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="bpftool-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-devel-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-devel-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-debugsource-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debugsource-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="bpftool-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="perf-debuginfo-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-debuginfo-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-headers-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-headers-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-source-5.10.0-60.110.0.137" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-source-5.10.0-60.110.0.137.oe2203.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en"></Note>
</Notes>
<ReleaseDate>2023-09-09</ReleaseDate>
<CVE>CVE-2023-3865</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.1</BaseScore>
<Vector>AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2023-09-09</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en"></Note>
</Notes>
<ReleaseDate>2023-09-09</ReleaseDate>
<CVE>CVE-2023-3866</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.9</BaseScore>
<Vector>AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2023-09-09</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.</Note>
</Notes>
<ReleaseDate>2023-09-09</ReleaseDate>
<CVE>CVE-2023-4132</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2023-09-09</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.</Note>
</Notes>
<ReleaseDate>2023-09-09</ReleaseDate>
<CVE>CVE-2023-4273</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.7</BaseScore>
<Vector>AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2023-09-09</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1614</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink