操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2023-2225)

摘要:

kernel security update

安全等级: Medium

公告ID: KylinSec-SA-2023-2225

发布日期: 2023年8月12日

关联CVE: CVE-2023-3863 CVE-2023-4132

详细介绍

1. 漏洞描述

The Linux Kernel, the operating system core itself.

Security Fix(es):

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.(CVE-2023-3863)

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.(CVE-2023-4132)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2023-3863	KY3.4-5A	kernel	Fixed
CVE-2023-4132	KY3.4-5A	kernel	Fixed

3. 影响组件

kernel

4. 修复版本

KY3.4-5A

软件名称	架构	版本号
kernel-source	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-tools-devel	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
perf	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
python3-perf	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-tools	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
python2-perf	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
bpftool	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-devel	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-tools-devel	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-tools	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
bpftool	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-source	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
python3-perf	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
perf	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
python2-perf	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-devel	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4