14 lines
1.5 KiB
JSON
14 lines
1.5 KiB
JSON
{
|
||
"id": "openEuler-SA-2022-1677",
|
||
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1677",
|
||
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
||
"severity": "Important",
|
||
"description": "The Linux Kernel, the operating system core itself.\n\n\n\nSecurity Fix(es):\n\nA NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.(CVE-2022-1205)\n\nUAF causes the system to crash Exploit conditions: The root user reduces the reference count of drm_vgem_gem_object through ioctl$DRM_IOCTL_MODE_DESTROY_DUMB, and vgem_gem_dumb_create will access the released drm_vgem_gem_object Technical reason: The gpu driver can reduce the reference count of drm_vgem_gem_object through ioctl Concurrency causes uaf judgment method: CONFIG_DRM is not configured No circumvention measures are involved: none(CVE-2022-1419)\n\nA concurrency use-after-free issue was discovered between reset_interrupt and floppy_end_request in the latest kernel version (5.17.5 for now). The root cause is that after deallocating current_req in floppy_end_request, reset_interrupt still holds the freed current_req->error_count and accesses it concurrently.(CVE-2022-1652)",
|
||
"cves": [
|
||
{
|
||
"id": "CVE-2022-1652",
|
||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1652",
|
||
"severity": "Moderate"
|
||
}
|
||
]
|
||
} |