{"schema_version":"1.7.2","id":"OESA-2026-1504","modified":"2026-03-06T12:41:32Z","published":"2026-03-06T12:41:32Z","upstream":["CVE-2023-53577","CVE-2026-23216"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n  CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n  Workqueue: events cpu_map_kthread_stop\n  RIP: 0010:put_cpu_map_entry+0xda/0x220\n  ......\n  Call Trace:\n   <TASK>\n   ? show_regs+0x65/0x70\n   ? __warn+0xa5/0x240\n   ......\n   ? put_cpu_map_entry+0xda/0x220\n   cpu_map_kthread_stop+0x41/0x60\n   process_one_work+0x6b0/0xb80\n   worker_thread+0x96/0x720\n   kthread+0x1a5/0x1f0\n   ret_from_fork+0x3a/0x70\n   ret_from_fork_asm+0x1b/0x30\n   </TASK>\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn't call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.(CVE-2023-53577)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()\n\nIn iscsit_dec_conn_usage_count(), the function calls complete() while\nholding the conn->conn_usage_lock. As soon as complete() is invoked, the\nwaiter (such as iscsit_close_connection()) may wake up and proceed to free\nthe iscsit_conn structure.\n\nIf the waiter frees the memory before the current thread reaches\nspin_unlock_bh(), it results in a KASAN slab-use-after-free as the function\nattempts to release a lock within the already-freed connection structure.\n\nFix this by releasing the spinlock before calling complete().(CVE-2026-23216)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"kernel","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2603.1.0.0364.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["bpftool-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","bpftool-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","kernel-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","kernel-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","kernel-debugsource-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","kernel-devel-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","kernel-source-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","kernel-tools-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","kernel-tools-devel-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","perf-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","python2-perf-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","python2-perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","python3-perf-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm","python3-perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.aarch64.rpm"],"src":["kernel-4.19.90-2603.1.0.0364.oe2003sp4.src.rpm"],"x86_64":["bpftool-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","bpftool-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","kernel-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","kernel-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","kernel-debugsource-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","kernel-devel-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","kernel-source-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","kernel-tools-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","kernel-tools-devel-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","perf-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","python2-perf-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","python2-perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","python3-perf-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm","python3-perf-debuginfo-4.19.90-2603.1.0.0364.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1504"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53577"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23216"}],"database_specific":{"severity":"Medium"}}
