An update for kernel is now available for openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1893
Final
1.0
1.0
2022-09-07
Initial
2022-09-07
2022-09-07
openEuler SA Tool V1.0
2022-09-07
kernel security update
An update for kernel is now available for openEuler-22.03-LTS.
Security Fix(es):
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5. (CVE-2022-2503)
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-2959)
A flaw was found in the kernel's implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default), a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f (CVE-2022-2977)
The Linux kernel's driver for the "ASIX AX88179_178A based USB 2.0/3.0 Gigabit Ethernet Devices" contains multiple out-of-bounds reads and possible writes in the ax88179_rx_fixup() function.
References:
https://www.spinics.net/lists/stable/msg536418.html
Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 (CVE-2022-2964)
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)
An update for kernel is now available for openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
kernel
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1462
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2503
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2959
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2977
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2964
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3028
https://nvd.nist.gov/vuln/detail/CVE-2022-1462
https://nvd.nist.gov/vuln/detail/CVE-2022-2503
https://nvd.nist.gov/vuln/detail/CVE-2022-2959
https://nvd.nist.gov/vuln/detail/CVE-2022-2977
https://nvd.nist.gov/vuln/detail/CVE-2022-2964
https://nvd.nist.gov/vuln/detail/CVE-2022-3028
openEuler-22.03-LTS
bpftool-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-tools-devel-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-tools-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-debugsource-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-devel-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-tools-5.10.0-60.54.0.82.oe2203.aarch64.rpm
perf-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm
perf-5.10.0-60.54.0.82.oe2203.aarch64.rpm
python3-perf-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-source-5.10.0-60.54.0.82.oe2203.aarch64.rpm
python3-perf-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm
bpftool-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-headers-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-debuginfo-5.10.0-60.54.0.82.oe2203.aarch64.rpm
kernel-5.10.0-60.54.0.82.oe2203.src.rpm
kernel-tools-devel-5.10.0-60.54.0.82.oe2203.x86_64.rpm
kernel-tools-5.10.0-60.54.0.82.oe2203.x86_64.rpm
perf-5.10.0-60.54.0.82.oe2203.x86_64.rpm
kernel-debugsource-5.10.0-60.54.0.82.oe2203.x86_64.rpm
kernel-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm
perf-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm
python3-perf-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm
kernel-tools-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm
bpftool-debuginfo-5.10.0-60.54.0.82.oe2203.x86_64.rpm
kernel-5.10.0-60.54.0.82.oe2203.x86_64.rpm
kernel-headers-5.10.0-60.54.0.82.oe2203.x86_64.rpm
kernel-source-5.10.0-60.54.0.82.oe2203.x86_64.rpm
kernel-devel-5.10.0-60.54.0.82.oe2203.x86_64.rpm
bpftool-5.10.0-60.54.0.82.oe2203.x86_64.rpm
python3-perf-5.10.0-60.54.0.82.oe2203.x86_64.rpm
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.
2022-09-07
CVE-2022-1462
openEuler-22.03-LTS
Medium
6.3
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
kernel security update
2022-09-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5
2022-09-07
CVE-2022-2503
openEuler-22.03-LTS
Medium
6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-09-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
2022-09-07
CVE-2022-2959
openEuler-22.03-LTS
High
7.0
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-09-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893
A flaw was found in the kernel's implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default), a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f
2022-09-07
CVE-2022-2977
openEuler-22.03-LTS
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-09-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893
The Linux kernel's driver for the "ASIX AX88179_178A based USB 2.0/3.0 Gigabit Ethernet Devices" contains multiple out-of-bounds reads and possible writes in the ax88179_rx_fixup() function. References: https://www.spinics.net/lists/stable/msg536418.html Upstream commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581
2022-09-07
CVE-2022-2964
openEuler-22.03-LTS
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-09-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
2022-09-07
CVE-2022-3028
openEuler-22.03-LTS
Medium
6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-09-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1893