An update for kernel is now available for openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1035
Final 1.0
1.0 2023-01-13 Initial
2023-01-13 2023-01-13
openEuler SA Tool V1.0 2023-01-13

kernel security update

An update for kernel is now available for openEuler-22.03-LTS.

Security Fix(es):

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. (CVE-2022-2873)

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. (CVE-2022-3903)

An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference. (CVE-2022-3104)

An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). (CVE-2022-3111)

An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. (CVE-2022-3107)

An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. (CVE-2022-3112)

An issue was discovered in the Linux kernel through 5.16-rc6.
mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference. (CVE-2022-3113)

An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. (CVE-2022-3115)

An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference. (CVE-2022-3114)

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command. (CVE-2022-47942)

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write. (CVE-2022-47940)

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. (CVE-2022-47943)

An update for kernel is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

High
kernel

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2873
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3903
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3104
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3111
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3107
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3112
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3113
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3115
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3114
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2196
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-47942
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-47940
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-47943
https://nvd.nist.gov/vuln/detail/CVE-2022-2873
https://nvd.nist.gov/vuln/detail/CVE-2022-3903
https://nvd.nist.gov/vuln/detail/CVE-2022-3104
https://nvd.nist.gov/vuln/detail/CVE-2022-3111
https://nvd.nist.gov/vuln/detail/CVE-2022-3107
https://nvd.nist.gov/vuln/detail/CVE-2022-3112
https://nvd.nist.gov/vuln/detail/CVE-2022-3113
https://nvd.nist.gov/vuln/detail/CVE-2022-3115
https://nvd.nist.gov/vuln/detail/CVE-2022-3114
https://nvd.nist.gov/vuln/detail/CVE-2022-2196
https://nvd.nist.gov/vuln/detail/CVE-2022-47942
https://nvd.nist.gov/vuln/detail/CVE-2022-47940
https://nvd.nist.gov/vuln/detail/CVE-2022-47943

openEuler-22.03-LTS
kernel-tools-debuginfo-5.10.0-60.77.0.101.oe2203.aarch64.rpm
kernel-devel-5.10.0-60.77.0.101.oe2203.aarch64.rpm
kernel-debugsource-5.10.0-60.77.0.101.oe2203.aarch64.rpm
perf-5.10.0-60.77.0.101.oe2203.aarch64.rpm
python3-perf-5.10.0-60.77.0.101.oe2203.aarch64.rpm
kernel-5.10.0-60.77.0.101.oe2203.aarch64.rpm
kernel-tools-5.10.0-60.77.0.101.oe2203.aarch64.rpm
bpftool-5.10.0-60.77.0.101.oe2203.aarch64.rpm
kernel-tools-devel-5.10.0-60.77.0.101.oe2203.aarch64.rpm
perf-debuginfo-5.10.0-60.77.0.101.oe2203.aarch64.rpm
bpftool-debuginfo-5.10.0-60.77.0.101.oe2203.aarch64.rpm
kernel-source-5.10.0-60.77.0.101.oe2203.aarch64.rpm
python3-perf-debuginfo-5.10.0-60.77.0.101.oe2203.aarch64.rpm
kernel-headers-5.10.0-60.77.0.101.oe2203.aarch64.rpm
kernel-debuginfo-5.10.0-60.77.0.101.oe2203.aarch64.rpm
kernel-5.10.0-60.77.0.101.oe2203.src.rpm
kernel-debuginfo-5.10.0-60.77.0.101.oe2203.x86_64.rpm
kernel-tools-debuginfo-5.10.0-60.77.0.101.oe2203.x86_64.rpm
python3-perf-debuginfo-5.10.0-60.77.0.101.oe2203.x86_64.rpm
perf-5.10.0-60.77.0.101.oe2203.x86_64.rpm
kernel-source-5.10.0-60.77.0.101.oe2203.x86_64.rpm
python3-perf-5.10.0-60.77.0.101.oe2203.x86_64.rpm
kernel-tools-devel-5.10.0-60.77.0.101.oe2203.x86_64.rpm
kernel-5.10.0-60.77.0.101.oe2203.x86_64.rpm
bpftool-debuginfo-5.10.0-60.77.0.101.oe2203.x86_64.rpm
bpftool-5.10.0-60.77.0.101.oe2203.x86_64.rpm
kernel-tools-5.10.0-60.77.0.101.oe2203.x86_64.rpm
kernel-headers-5.10.0-60.77.0.101.oe2203.x86_64.rpm
perf-debuginfo-5.10.0-60.77.0.101.oe2203.x86_64.rpm
kernel-debugsource-5.10.0-60.77.0.101.oe2203.x86_64.rpm
kernel-devel-5.10.0-60.77.0.101.oe2203.x86_64.rpm

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.
2023-01-13 CVE-2022-2873 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.
2023-01-13 CVE-2022-3903 openEuler-22.03-LTS Medium 4.6 AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.
2023-01-13 CVE-2022-3104 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
2023-01-13 CVE-2022-3111 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
2023-01-13 CVE-2022-3107 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
2023-01-13 CVE-2022-3112 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.
2023-01-13 CVE-2022-3113 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
2023-01-13 CVE-2022-3115 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.
2023-01-13 CVE-2022-3114 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a
2023-01-13 CVE-2022-2196 openEuler-22.03-LTS Low 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.
2023-01-13 CVE-2022-47942 openEuler-22.03-LTS High 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.
2023-01-13 CVE-2022-47940 openEuler-22.03-LTS High 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.
2023-01-13 CVE-2022-47943 openEuler-22.03-LTS High 8.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H kernel security update 2023-01-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1035