An update for kernel is now available for openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-2015 Final 1.0 1.0 2022-10-21 Initial 2022-10-21 2022-10-21 openEuler SA Tool V1.0 2022-10-21 kernel security update An update for kernel is now available for openEuler-22.03-LTS. The Linux Kernel, the operating system core itself. Security Fix(es): A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.(CVE-2022-1184) A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition(CVE-2022-3303) drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.(CVE-2022-41849) In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel(CVE-2022-20421) In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel(CVE-2022-20422) A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.(CVE-2022-3435) An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.(CVE-2022-41674) roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.(CVE-2022-41850) mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.(CVE-2022-42703) A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.(CVE-2022-42719) Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.(CVE-2022-42720) A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.(CVE-2022-42721) An update for kernel is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1184 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3303 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41849 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-20421 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-20422 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3435 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41674 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41850 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42703 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42719 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42720 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-42721 https://nvd.nist.gov/vuln/detail/CVE-2022-1184 https://nvd.nist.gov/vuln/detail/CVE-2022-3303 https://nvd.nist.gov/vuln/detail/CVE-2022-41849 https://nvd.nist.gov/vuln/detail/CVE-2022-20421 https://nvd.nist.gov/vuln/detail/CVE-2022-20422 https://nvd.nist.gov/vuln/detail/CVE-2022-3435 https://nvd.nist.gov/vuln/detail/CVE-2022-41674 https://nvd.nist.gov/vuln/detail/CVE-2022-41850 https://nvd.nist.gov/vuln/detail/CVE-2022-42703 https://nvd.nist.gov/vuln/detail/CVE-2022-42719 https://nvd.nist.gov/vuln/detail/CVE-2022-42720 https://nvd.nist.gov/vuln/detail/CVE-2022-42721 openEuler-22.03-LTS kernel-debugsource-5.10.0-60.61.0.88.oe2203.aarch64.rpm kernel-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm kernel-tools-5.10.0-60.61.0.88.oe2203.aarch64.rpm bpftool-5.10.0-60.61.0.88.oe2203.aarch64.rpm kernel-source-5.10.0-60.61.0.88.oe2203.aarch64.rpm perf-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm bpftool-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm perf-5.10.0-60.61.0.88.oe2203.aarch64.rpm kernel-devel-5.10.0-60.61.0.88.oe2203.aarch64.rpm kernel-headers-5.10.0-60.61.0.88.oe2203.aarch64.rpm python3-perf-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm python3-perf-5.10.0-60.61.0.88.oe2203.aarch64.rpm kernel-5.10.0-60.61.0.88.oe2203.aarch64.rpm kernel-tools-devel-5.10.0-60.61.0.88.oe2203.aarch64.rpm kernel-tools-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm kernel-5.10.0-60.61.0.88.oe2203.src.rpm kernel-tools-devel-5.10.0-60.61.0.88.oe2203.x86_64.rpm kernel-debugsource-5.10.0-60.61.0.88.oe2203.x86_64.rpm kernel-source-5.10.0-60.61.0.88.oe2203.x86_64.rpm kernel-tools-5.10.0-60.61.0.88.oe2203.x86_64.rpm kernel-headers-5.10.0-60.61.0.88.oe2203.x86_64.rpm bpftool-5.10.0-60.61.0.88.oe2203.x86_64.rpm kernel-devel-5.10.0-60.61.0.88.oe2203.x86_64.rpm kernel-tools-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm kernel-5.10.0-60.61.0.88.oe2203.x86_64.rpm perf-5.10.0-60.61.0.88.oe2203.x86_64.rpm bpftool-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm kernel-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm python3-perf-5.10.0-60.61.0.88.oe2203.x86_64.rpm python3-perf-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm perf-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. 2022-10-21 CVE-2022-1184 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition 2022-10-21 CVE-2022-3303 openEuler-22.03-LTS Medium 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. 2022-10-21 CVE-2022-41849 openEuler-22.03-LTS Medium 4.2 AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel 2022-10-21 CVE-2022-20421 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel 2022-10-21 CVE-2022-20422 openEuler-22.03-LTS High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. 2022-10-21 CVE-2022-3435 openEuler-22.03-LTS Medium 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. 2022-10-21 CVE-2022-41674 openEuler-22.03-LTS High 8.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. 2022-10-21 CVE-2022-41850 openEuler-22.03-LTS Medium 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. 2022-10-21 CVE-2022-42703 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. 2022-10-21 CVE-2022-42719 openEuler-22.03-LTS High 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. 2022-10-21 CVE-2022-42720 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015 A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. 2022-10-21 CVE-2022-42721 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-21 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2015