An update for kernel is now available for openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-2026 Final 1.0 1.0 2022-10-28 Initial 2022-10-28 2022-10-28 openEuler SA Tool V1.0 2022-10-28 kernel security update An update for kernel is now available for openEuler-20.03-LTS-SP3. The Linux Kernel, the operating system core itself. Security Fix(es): drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.(CVE-2022-41849) In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel(CVE-2022-20423) A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.(CVE-2022-3524) A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.(CVE-2022-3545) A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.(CVE-2022-3565) A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.(CVE-2022-3594) A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.(CVE-2022-3564) A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.(CVE-2022-3566) A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability.(CVE-2022-3542) A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability.(CVE-2022-3535) A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.(CVE-2022-3521) An update for kernel is now available for openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2026 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41849 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-20423 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3524 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3545 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3565 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3594 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3564 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3566 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3542 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3535 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3521 https://nvd.nist.gov/vuln/detail/CVE-2022-41849 https://nvd.nist.gov/vuln/detail/CVE-2022-20423 https://nvd.nist.gov/vuln/detail/CVE-2022-3524 https://nvd.nist.gov/vuln/detail/CVE-2022-3545 https://nvd.nist.gov/vuln/detail/CVE-2022-3565 https://nvd.nist.gov/vuln/detail/CVE-2022-3594 https://nvd.nist.gov/vuln/detail/CVE-2022-3564 https://nvd.nist.gov/vuln/detail/CVE-2022-3566 https://nvd.nist.gov/vuln/detail/CVE-2022-3542 https://nvd.nist.gov/vuln/detail/CVE-2022-3535 https://nvd.nist.gov/vuln/detail/CVE-2022-3521 openEuler-20.03-LTS-SP3 bpftool-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm kernel-debugsource-4.19.90-2210.4.0.0173.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm kernel-source-4.19.90-2210.4.0.0173.oe1.aarch64.rpm perf-4.19.90-2210.4.0.0173.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm kernel-4.19.90-2210.4.0.0173.oe1.aarch64.rpm perf-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm python3-perf-4.19.90-2210.4.0.0173.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2210.4.0.0173.oe1.aarch64.rpm kernel-tools-4.19.90-2210.4.0.0173.oe1.aarch64.rpm kernel-devel-4.19.90-2210.4.0.0173.oe1.aarch64.rpm python2-perf-4.19.90-2210.4.0.0173.oe1.aarch64.rpm bpftool-4.19.90-2210.4.0.0173.oe1.aarch64.rpm kernel-4.19.90-2210.4.0.0173.oe1.src.rpm kernel-4.19.90-2210.4.0.0173.oe1.x86_64.rpm kernel-debugsource-4.19.90-2210.4.0.0173.oe1.x86_64.rpm python2-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm bpftool-4.19.90-2210.4.0.0173.oe1.x86_64.rpm perf-4.19.90-2210.4.0.0173.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm python3-perf-4.19.90-2210.4.0.0173.oe1.x86_64.rpm python2-perf-4.19.90-2210.4.0.0173.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm kernel-source-4.19.90-2210.4.0.0173.oe1.x86_64.rpm kernel-tools-4.19.90-2210.4.0.0173.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm kernel-devel-4.19.90-2210.4.0.0173.oe1.x86_64.rpm perf-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2210.4.0.0173.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. 2022-10-28 CVE-2022-41849 openEuler-20.03-LTS-SP3 Medium 4.2 AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2026 In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel 2022-10-28 CVE-2022-20423 openEuler-20.03-LTS-SP3 Medium 4.6 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2026 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. 2022-10-28 CVE-2022-3524 openEuler-20.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2026 A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. 2022-10-28 CVE-2022-3545 openEuler-20.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2026 A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. 2022-10-28 CVE-2022-3565 openEuler-20.03-LTS-SP3 High 8.0 AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2026 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. 2022-10-28 CVE-2022-3594 openEuler-20.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2026 A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. 2022-10-28 CVE-2022-3564 openEuler-20.03-LTS-SP3 High 8.0 AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEulerSA-2022-2026 A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. 2022-10-28 CVE-2022-3566 openEuler-20.03-LTS-SP3 High 7.1 AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEulerSA-2022-2026 A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability. 2022-10-28 CVE-2022-3542 openEuler-20.03-LTS-SP3 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEulerSA-2022-2026 A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability. 2022-10-28 CVE-2022-3535 openEuler-20.03-LTS-SP3 Low 3.5 AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEulerSA-2022-2026 A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. 2022-10-28 CVE-2022-3521 openEuler-20.03-LTS-SP3 Low 2.5 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L kernel security update 2022-10-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEulerSA-2022-2026