An update for kernel is now available for HCE 2.0 Security Advisory hws_security@huawei.com Huawei Cloud HCE2-SA-2023-0127 Final 1.0 1.0 2023-03-27T08:19:22:00Z current version 2023-03-27T08:19:22:00Z 2023-03-27T08:19:22:00Z HCE SA Engine 1.0.0 An update for kernel is now available for HCE 2.0 HCE Security has rated this update as having a security impact of Important.A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Security Fix(es): A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196) In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545) A flaw in the Linux Kernel found. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.Reference:https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb (CVE-2023-1075) In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929) An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq. (CVE-2022-47946) A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394) A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system. (CVE-2022-4842) The Linux kernel does not correctly mitigate SMT attacks, as discovered through a strange pattern in the kernel API using STIBP as a mitigation, leaving the process exposed for a short period of time after a syscall. The kernel also does not issue an IBPB immediately during the syscall. (CVE-2023-0045) A flaw found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. (CVE-2023-1076) A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. (CVE-2023-0597) A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-3424) In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. (CVE-2023-22995) atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23455) There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461) There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above (CVE-2022-4696) A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-1073) cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454) A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. (CVE-2023-0590) A memory leak flaw was found in the Linux kernel’s Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. (CVE-2023-1074) In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel (CVE-2023-20928) A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. (CVE-2022-4269) When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. (CVE-2022-27672) A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. (CVE-2022-3707) A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. (CVE-2023-0179) A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2023-1118) In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218) A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. (CVE-2022-4662) This document is provided on an "AS IS" basis and does not implyany kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no eventshall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by any means, is totally at your own risk. Huawei is entitled to amend or update this document from time to time. The information and data embodied in this document and any attachment are strictly confidential information of Huawei and are supplied on the understanding that they will be held confidentially and not disclosed to third parties without the prior written consent of Huawei. Use all reasonable efforts to protect the confidentiality of information. In particular, do not directly or indirectly disclose, allow access to, transmit or transfer information to a third party without our prior written consent. Thank you for your co-operation. Receipt of this security advisory shall be deemed as your consent of the terms and conditions above. Huawei Cloud EulerOS 2.0 kernel This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2196 CVE-2022-2196 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2196 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26545 CVE-2023-26545 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26545 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1075 CVE-2023-1075 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1075 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47929 CVE-2022-47929 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47929 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47946 CVE-2022-47946 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47946 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0394 CVE-2023-0394 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0394 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4842 CVE-2022-4842 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4842 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0045 CVE-2023-0045 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0045 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1076 CVE-2023-1076 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1076 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0597 CVE-2023-0597 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0597 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3424 CVE-2022-3424 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3424 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22995 CVE-2023-22995 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22995 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23455 CVE-2023-23455 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23455 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0461 CVE-2023-0461 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0461 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4696 CVE-2022-4696 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4696 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1073 CVE-2023-1073 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1073 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23454 CVE-2023-23454 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23454 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0590 CVE-2023-0590 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0590 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1074 CVE-2023-1074 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1074 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20928 CVE-2023-20928 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20928 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4269 CVE-2022-4269 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4269 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27672 CVE-2022-27672 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27672 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3707 CVE-2022-3707 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3707 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0179 CVE-2023-0179 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0179 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1118 CVE-2023-1118 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1118 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41218 CVE-2022-41218 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41218 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4662 CVE-2022-4662 HCE 2.0:kernel-5.10.0-60.18.0.50.r865_35.hce2 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4662 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H