An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1495
Final
1.0
1.0
2022-01-22
Initial
2022-01-22
2022-01-22
openEuler SA Tool V1.0
2022-01-22
kernel security update
An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
The Linux Kernel, the operating system core itself.
Security Fix(es):
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.(CVE-2021-4203)
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel.(CVE-2021-39633)
An unprivileged write to the file handler flaw in the Linux kernel s control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.(CVE-2021-4197)
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.(CVE-2021-4202)
An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
kernel
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4203
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-39633
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4197
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4202
https://nvd.nist.gov/vuln/detail/CVE-2021-4203
https://nvd.nist.gov/vuln/detail/CVE-2021-39633
https://nvd.nist.gov/vuln/detail/CVE-2021-4197
https://nvd.nist.gov/vuln/detail/CVE-2021-4202
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
kernel-source-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-tools-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
python3-perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
python2-perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-debugsource-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-devel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
bpftool-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
kernel-devel-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
python2-perf-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
kernel-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
python3-perf-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
kernel-debugsource-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
bpftool-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
kernel-source-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
kernel-tools-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
perf-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm
kernel-debugsource-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
bpftool-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-devel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
python2-perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
python3-perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-tools-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-source-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
kernel-4.19.90-2201.3.0.0134.oe1.src.rpm
kernel-4.19.90-2201.3.0.0133.oe1.src.rpm
kernel-4.19.90-2201.3.0.0134.oe1.src.rpm
bpftool-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-devel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
python2-perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
python3-perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
bpftool-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-source-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-tools-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
kernel-tools-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
kernel-devel-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
python2-perf-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
perf-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
kernel-source-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
bpftool-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
python3-perf-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
kernel-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
bpftool-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-devel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
python2-perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
python3-perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
bpftool-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-source-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-tools-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
bpftool-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
2022-01-22
CVE-2021-4203
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
6.8
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
kernel security update
2022-01-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel
2022-01-22
CVE-2021-39633
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-01-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495
An unprivileged write to the file handler flaw in the Linux kernel s control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
2022-01-22
CVE-2021-4197
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
6.3
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
kernel security update
2022-01-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.
2022-01-22
CVE-2021-4202
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
7.0
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-01-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495