[Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156/CVE-2023-34256: kernel: multiple CVEs

Bug #2021927 reported by Yue Tao
Affects    Status        Importance  Assigned to  Milestone
StarlingX  Fix Released  High        Peng Zhang

Bug Description

CVE-2023-32233: https://nvd.nist.gov/vuln/detail/CVE-2023-32233

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

CVE-2023-31436: https://nvd.nist.gov/vuln/detail/CVE-2023-31436

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

CVE-2023-2513: https://nvd.nist.gov/vuln/detail/CVE-2023-2513

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.

CVE-2023-1859: https://nvd.nist.gov/vuln/detail/CVE-2023-1859

A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.

CVE-2023-2156: https://nvd.nist.gov/vuln/detail/CVE-2023-2156

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.

CVE-2023-34256: https://nvd.nist.gov/vuln/detail/CVE-2023-34256

** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.

Base Score: High

References:

linux_5.10.180

Yue Tao (wrytao)
tags: added: stx.9.0 stx.security
summary: - [Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-31436/CVE-2023-1859:
+ [Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859:
kernel: multiple CVEs
Peng Zhang (pzhang2)
Changed in starlingx:
assignee: nobody → Peng Zhang (pzhang2)
status: Triaged → In Progress
Yue Tao (wrytao)
summary: - [Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859:
+ [Debian]
+ CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156:
kernel: multiple CVEs
Yue Tao (wrytao)
description: updated
summary: [Debian]
- CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156:
+ CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156/CVE-2023-34256:
kernel: multiple CVEs
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kernel (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/kernel/+/885755

OpenStack Infra (hudson-openstack) wrote : Fix merged to kernel (master)

Reviewed: https://review.opendev.org/c/starlingx/kernel/+/885755
Committed: https://opendev.org/starlingx/kernel/commit/734233561cf5c777fc3d612e9c579f7c4151af10
Submitter: "Zuul (22348)"
Branch: master

commit 734233561cf5c777fc3d612e9c579f7c4151af10
Author: Peng Zhang <email address hidden>
Date: Fri Jun 9 22:31:33 2023 +0800

    Update kernel to v5.10.180

    This commit updates kernel to 5.10.180 to fix the following CVE issues:
    CVE-2023-32233: https://nvd.nist.gov/vuln/detail/CVE-2023-32233
    CVE-2023-31436: https://nvd.nist.gov/vuln/detail/CVE-2023-31436
    CVE-2023-2513: https://nvd.nist.gov/vuln/detail/CVE-2023-2513
    CVE-2023-1859: https://nvd.nist.gov/vuln/detail/CVE-2023-1859
    CVE-2023-34256: https://nvd.nist.gov/vuln/detail/CVE-2023-34256

    One of our source patches requires refresh against the new kernel
    source. It was deleted because its content has been included in the
    new kernel:
           xfs-drop-submit-side-trans-alloc-for-append-ioends.patch

    Verification:
    - Build kernel and out of tree modules success for rt and std.
    - Build iso success for rt and std.
    - Install success onto an AIO-DX lab with rt kernel.
    - Boot up successfully in the lab.
    - The sanity testing was done by our test team and no regression
      defect was found.
    - The cyclictest benchmark was also run on the starlingx lab; the
      result is "samples: 259200000 avg: 1660 max: 10167 99.9999th
      percentile: 2527 overflows: 0". It is not a big difference from
      5.10.177 for avg and max.

    Closes-Bug: 2021927
    Change-Id: Ia676889d752715dc404132ed66e2f2ddb7d17d62
    Signed-off-by: Peng Zhang <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
