{
  "id": "openEuler-SA-2022-1677",
  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1677",
  "title": "An update for kernel is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
  "severity": "Important",
  "description": "The Linux Kernel, the operating system core itself.\n\n\n\nSecurity Fix(es):\n\nA NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.(CVE-2022-1205)\n\nUAF causes the system to crash Exploit conditions: The root user reduces the reference count of drm_vgem_gem_object through ioctl$DRM_IOCTL_MODE_DESTROY_DUMB, and vgem_gem_dumb_create will access the released drm_vgem_gem_object Technical reason: The gpu driver can reduce the reference count of drm_vgem_gem_object through ioctl Concurrency causes uaf judgment method: CONFIG_DRM is not configured No circumvention measures are involved: none(CVE-2022-1419)\n\nA concurrency use-after-free issue was discovered between reset_interrupt and floppy_end_request in the latest kernel version (5.17.5 for now).    The root cause is that after deallocating current_req in floppy_end_request, reset_interrupt still holds the freed current_req->error_count and accesses it concurrently.(CVE-2022-1652)",
  "cves": [
    {
      "id": "CVE-2022-1652",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1652",
      "severity": "Moderate"
    }
  ]
}