jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d1132d88d2
cvrf2cusa/cvrf/2022/cvrf-openEuler-SA-2022-1893.xml

307 lines
19 KiB
XML
Raw Normal View History

增加测试用的配置和目录 Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-02 07:51:55 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for kernel is now available for openEuler-22.03-LTS</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2022-1893</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2022-09-07</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2022-09-07</InitialReleaseDate>
<CurrentReleaseDate>2022-09-07</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2022-09-07</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">kernel security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for kernel is now available for openEuler-22.03-LTS.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">
Security Fix(es):
An out-of-bounds read flaw was found in the Linux kernels TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.(CVE-2022-1462)
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5(CVE-2022-2503)
A race condition was found in the Linux kernel&apos;s watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.(CVE-2022-2959)
A flaw was found in the kernels implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f(CVE-2022-2977)
The linux kernels driver for the &quot;ASIX AX88179_178A based USB 2.0/3.0 Gigabit Ethernet Devices&quot; contains multiple out-of-bounds reads and possible writes in the ax88179_rx_fixup() function.
References:
https://www.spinics.net/lists/stable/msg536418.html
Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581(CVE-2022-2964)
A race condition was found in the Linux kernel&apos;s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.(CVE-2022-3028)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for kernel is now available for openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">kernel</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1462</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2503</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2959</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2977</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2964</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3028</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-1462</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-2503</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-2959</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-2977</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-2964</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-3028</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="bpftool-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-devel-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-devel-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-debugsource-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debugsource-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-devel-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-devel-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="perf-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="perf-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-source-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-source-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="bpftool-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-headers-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-headers-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="kernel-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="kernel-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.54.0.82.oe2203.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="kernel-tools-devel-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-devel-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="perf-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-debugsource-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debugsource-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="perf-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="bpftool-debuginfo-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-headers-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-headers-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-source-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-source-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="kernel-devel-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-devel-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="bpftool-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="python3-perf-5.10.0-60.54.0.82" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-5.10.0-60.54.0.82.oe2203.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">An out-of-bounds read flaw was found in the Linux kernels TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.</Note>
</Notes>
<ReleaseDate>2022-09-07</ReleaseDate>
<CVE>CVE-2022-1462</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.3</BaseScore>
<Vector>AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2022-09-07</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5</Note>
</Notes>
<ReleaseDate>2022-09-07</ReleaseDate>
<CVE>CVE-2022-2503</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.7</BaseScore>
<Vector>AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2022-09-07</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">A race condition was found in the Linux kernel s watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.</Note>
</Notes>
<ReleaseDate>2022-09-07</ReleaseDate>
<CVE>CVE-2022-2959</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.0</BaseScore>
<Vector>AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2022-09-07</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">A flaw was found in the kernels implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.References:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f</Note>
</Notes>
<ReleaseDate>2022-09-07</ReleaseDate>
<CVE>CVE-2022-2977</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2022-09-07</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">The linux kernels driver for the ASIX AX88179_178A based USB 2.0/3.0 Gigabit Ethernet Devices contains multiple out-of-bounds reads and possible writes in the ax88179_rx_fixup() function. References:https://www.spinics.net/lists/stable/msg536418.htmlUpstream commit:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581</Note>
</Notes>
<ReleaseDate>2022-09-07</ReleaseDate>
<CVE>CVE-2022-2964</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2022-09-07</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="6" xml:lang="en">A race condition was found in the Linux kernel&apos;s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.</Note>
</Notes>
<ReleaseDate>2022-09-07</ReleaseDate>
<CVE>CVE-2022-3028</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.7</BaseScore>
<Vector>AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>kernel security update</Description>
<DATE>2022-09-07</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue Copy Permalink