An update for kernel is now available for openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-2015
Final
1.0
1.0
2022-10-21
Initial
2022-10-21
2022-10-21
openEuler SA Tool V1.0
2022-10-21
kernel security update
An update for kernel is now available for openEuler-22.03-LTS.
The Linux Kernel, the operating system core itself.
Security Fix(es):
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.(CVE-2022-1184)
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition(CVE-2022-3303)
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.(CVE-2022-41849)
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel(CVE-2022-20421)
In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel(CVE-2022-20422)
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.(CVE-2022-3435)
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.(CVE-2022-41674)
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.(CVE-2022-41850)
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.(CVE-2022-42703)
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.(CVE-2022-42719)
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.(CVE-2022-42720)
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.(CVE-2022-42721)
An update for kernel is now available for openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
kernel
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1184
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3303
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41849
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-20421
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-20422
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3435
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41674
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41850
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42703
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42719
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42720
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42721
https://nvd.nist.gov/vuln/detail/CVE-2022-1184
https://nvd.nist.gov/vuln/detail/CVE-2022-3303
https://nvd.nist.gov/vuln/detail/CVE-2022-41849
https://nvd.nist.gov/vuln/detail/CVE-2022-20421
https://nvd.nist.gov/vuln/detail/CVE-2022-20422
https://nvd.nist.gov/vuln/detail/CVE-2022-3435
https://nvd.nist.gov/vuln/detail/CVE-2022-41674
https://nvd.nist.gov/vuln/detail/CVE-2022-41850
https://nvd.nist.gov/vuln/detail/CVE-2022-42703
https://nvd.nist.gov/vuln/detail/CVE-2022-42719
https://nvd.nist.gov/vuln/detail/CVE-2022-42720
https://nvd.nist.gov/vuln/detail/CVE-2022-42721
openEuler-22.03-LTS
kernel-debugsource-5.10.0-60.61.0.88.oe2203.aarch64.rpm
kernel-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm
kernel-tools-5.10.0-60.61.0.88.oe2203.aarch64.rpm
bpftool-5.10.0-60.61.0.88.oe2203.aarch64.rpm
kernel-source-5.10.0-60.61.0.88.oe2203.aarch64.rpm
perf-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm
bpftool-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm
perf-5.10.0-60.61.0.88.oe2203.aarch64.rpm
kernel-devel-5.10.0-60.61.0.88.oe2203.aarch64.rpm
kernel-headers-5.10.0-60.61.0.88.oe2203.aarch64.rpm
python3-perf-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm
python3-perf-5.10.0-60.61.0.88.oe2203.aarch64.rpm
kernel-5.10.0-60.61.0.88.oe2203.aarch64.rpm
kernel-tools-devel-5.10.0-60.61.0.88.oe2203.aarch64.rpm
kernel-tools-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm
kernel-5.10.0-60.61.0.88.oe2203.src.rpm
kernel-tools-devel-5.10.0-60.61.0.88.oe2203.x86_64.rpm
kernel-debugsource-5.10.0-60.61.0.88.oe2203.x86_64.rpm
kernel-source-5.10.0-60.61.0.88.oe2203.x86_64.rpm
kernel-tools-5.10.0-60.61.0.88.oe2203.x86_64.rpm
kernel-headers-5.10.0-60.61.0.88.oe2203.x86_64.rpm
bpftool-5.10.0-60.61.0.88.oe2203.x86_64.rpm
kernel-devel-5.10.0-60.61.0.88.oe2203.x86_64.rpm
kernel-tools-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm
kernel-5.10.0-60.61.0.88.oe2203.x86_64.rpm
perf-5.10.0-60.61.0.88.oe2203.x86_64.rpm
bpftool-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm
kernel-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm
python3-perf-5.10.0-60.61.0.88.oe2203.x86_64.rpm
python3-perf-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm
perf-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
2022-10-21
CVE-2022-1184
openEuler-22.03-LTS
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition
2022-10-21
CVE-2022-3303
openEuler-22.03-LTS
Medium
4.7
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
2022-10-21
CVE-2022-41849
openEuler-22.03-LTS
Medium
4.2
AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel
2022-10-21
CVE-2022-20421
openEuler-22.03-LTS
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel
2022-10-21
CVE-2022-20422
openEuler-22.03-LTS
High
7.0
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.
2022-10-21
CVE-2022-3435
openEuler-22.03-LTS
Medium
4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
2022-10-21
CVE-2022-41674
openEuler-22.03-LTS
High
8.1
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
2022-10-21
CVE-2022-41850
openEuler-22.03-LTS
Medium
4.7
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
2022-10-21
CVE-2022-42703
openEuler-22.03-LTS
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
2022-10-21
CVE-2022-42719
openEuler-22.03-LTS
High
8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
2022-10-21
CVE-2022-42720
openEuler-22.03-LTS
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
2022-10-21
CVE-2022-42721
openEuler-22.03-LTS
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-10-21
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015