操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2023-2254)

摘要:

kernel security update

安全等级: Medium

公告ID: KylinSec-SA-2023-2254

发布日期: 2023年6月27日

关联CVE: CVE-2023-31084 CVE-2023-2985

详细介绍

1. 漏洞描述

The Linux Kernel, the operating system core itself.

Security Fix(es):

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.(CVE-2023-31084)

A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.(CVE-2023-2985)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2023-31084	KY3.4-5A	kernel	Fixed
CVE-2023-2985	KY3.4-5A	kernel	Fixed

3. 影响组件

kernel

4. 修复版本

KY3.4-5A

软件名称	架构	版本号
kernel-source	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-tools	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
perf	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-tools-devel	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
python3-perf	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
python2-perf	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
bpftool	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-devel	x86_64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
bpftool	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-devel	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
perf	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
python3-perf	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-tools	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-tools-devel	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
kernel-source	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4
python2-perf	aarch64	4.19.90-2309.3.0.0218.kb1.ky3_4