An update for kernel is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3

Document type: Security Advisory
Contact: openeuler-security@openeuler.org
Issuing authority: openEuler security committee
Advisory ID: openEuler-SA-2022-1495
Status: Final
Version: 1.0
Revision history: 1.0, 2022-01-22, Initial
Initial release date: 2022-01-22
Current release date: 2022-01-22
Generator: openEuler SA Tool V1.0, 2022-01-22

Synopsis: kernel security update

Summary: An update for kernel is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.

Description: The Linux Kernel, the operating system core itself.

Security Fix(es):

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150694665. References: Upstream kernel. (CVE-2021-39633)

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged processes that are controlled by cgroups and have a higher privileged parent process. It affects both the cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel.
This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)

Topic: An update for kernel is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Severity: High
Affected component: kernel

References:
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4203
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-39633
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4197
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4202
https://nvd.nist.gov/vuln/detail/CVE-2021-4203
https://nvd.nist.gov/vuln/detail/CVE-2021-39633
https://nvd.nist.gov/vuln/detail/CVE-2021-4197
https://nvd.nist.gov/vuln/detail/CVE-2021-4202

Products:
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3

Packages:
kernel-source-4.19.90-2201.3.0.0134.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-tools-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm python3-perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm python2-perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-debugsource-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-devel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm bpftool-4.19.90-2201.3.0.0134.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm kernel-devel-4.19.90-2201.3.0.0133.oe1.aarch64.rpm python2-perf-4.19.90-2201.3.0.0133.oe1.aarch64.rpm kernel-4.19.90-2201.3.0.0133.oe1.aarch64.rpm python3-perf-4.19.90-2201.3.0.0133.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm kernel-debugsource-4.19.90-2201.3.0.0133.oe1.aarch64.rpm bpftool-4.19.90-2201.3.0.0133.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2201.3.0.0133.oe1.aarch64.rpm kernel-source-4.19.90-2201.3.0.0133.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm kernel-tools-4.19.90-2201.3.0.0133.oe1.aarch64.rpm perf-4.19.90-2201.3.0.0133.oe1.aarch64.rpm perf-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2201.3.0.0133.oe1.aarch64.rpm kernel-debugsource-4.19.90-2201.3.0.0134.oe1.aarch64.rpm bpftool-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-devel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm python2-perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm python3-perf-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-tools-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-source-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2201.3.0.0134.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.aarch64.rpm kernel-4.19.90-2201.3.0.0134.oe1.src.rpm kernel-4.19.90-2201.3.0.0133.oe1.src.rpm kernel-4.19.90-2201.3.0.0134.oe1.src.rpm bpftool-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm 
python3-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-devel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm python2-perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-debugsource-4.19.90-2201.3.0.0134.oe1.x86_64.rpm python2-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm python3-perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm bpftool-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-source-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-tools-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-4.19.90-2201.3.0.0133.oe1.x86_64.rpm kernel-debugsource-4.19.90-2201.3.0.0133.oe1.x86_64.rpm kernel-tools-4.19.90-2201.3.0.0133.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2201.3.0.0133.oe1.x86_64.rpm kernel-devel-4.19.90-2201.3.0.0133.oe1.x86_64.rpm python2-perf-4.19.90-2201.3.0.0133.oe1.x86_64.rpm perf-4.19.90-2201.3.0.0133.oe1.x86_64.rpm perf-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm python2-perf-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm kernel-source-4.19.90-2201.3.0.0133.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm python3-perf-4.19.90-2201.3.0.0133.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm bpftool-4.19.90-2201.3.0.0133.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2201.3.0.0133.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-devel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm python2-perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm python3-perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm 
kernel-4.19.90-2201.3.0.0134.oe1.x86_64.rpm perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm python2-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-source-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-tools-4.19.90-2201.3.0.0134.oe1.x86_64.rpm perf-4.19.90-2201.3.0.0134.oe1.x86_64.rpm kernel-debugsource-4.19.90-2201.3.0.0134.oe1.x86_64.rpm bpftool-4.19.90-2201.3.0.0134.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2201.3.0.0134.oe1.x86_64.rpm

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information.
Release date: 2022-01-22
CVE: CVE-2021-4203
Products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Severity: Medium
CVSS base score: 6.8
CVSS vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Remediation: kernel security update
Remediation date: 2022-01-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150694665. References: Upstream kernel.
Release date: 2022-01-22
CVE: CVE-2021-39633
Products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Severity: High
CVSS base score: 8.1
CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Remediation: kernel security update
Remediation date: 2022-01-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged processes that are controlled by cgroups and have a higher privileged parent process. It affects both the cgroup2 and cgroup1 versions of control groups.
A local user could use this flaw to crash the system or escalate their privileges on the system.
Release date: 2022-01-22
CVE: CVE-2021-4197
Products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Severity: Medium
CVSS base score: 6.3
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Remediation: kernel security update
Remediation date: 2022-01-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.
Release date: 2022-01-22
CVE: CVE-2021-4202
Products: openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2, openEuler-20.03-LTS-SP3
Severity: High
CVSS base score: 7.0
CVSS vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Remediation: kernel security update
Remediation date: 2022-01-22
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1495