An update for kernel is now available for openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1927
Final
1.0
1.0
2022-09-16
Initial
2022-09-16
2022-09-16
openEuler SA Tool V1.0
2022-09-16
kernel security update
An update for kernel is now available for openEuler-22.03-LTS.
The Linux Kernel, the operating system core itself.
Security Fix(es):
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.(CVE-2022-39842)
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.(CVE-2022-39190)
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.(CVE-2022-39189)
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn t check the value of pixclock , so it may cause a divide by zero error.(CVE-2022-3061)
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.(CVE-2022-2663)
An update for kernel is now available for openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
kernel
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-39842
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-39190
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-39189
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3061
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2663
https://nvd.nist.gov/vuln/detail/CVE-2022-39842
https://nvd.nist.gov/vuln/detail/CVE-2022-39190
https://nvd.nist.gov/vuln/detail/CVE-2022-39189
https://nvd.nist.gov/vuln/detail/CVE-2022-3061
https://nvd.nist.gov/vuln/detail/CVE-2022-2663
openEuler-22.03-LTS
bpftool-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-tools-devel-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-tools-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-debugsource-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-devel-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-tools-5.10.0-60.56.0.84.oe2203.aarch64.rpm
perf-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm
perf-5.10.0-60.56.0.84.oe2203.aarch64.rpm
python3-perf-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-source-5.10.0-60.56.0.84.oe2203.aarch64.rpm
python3-perf-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm
bpftool-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-headers-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm
kernel-5.10.0-60.56.0.84.oe2203.src.rpm
kernel-tools-devel-5.10.0-60.56.0.84.oe2203.x86_64.rpm
kernel-tools-5.10.0-60.56.0.84.oe2203.x86_64.rpm
perf-5.10.0-60.56.0.84.oe2203.x86_64.rpm
kernel-debugsource-5.10.0-60.56.0.84.oe2203.x86_64.rpm
kernel-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm
perf-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm
python3-perf-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm
kernel-tools-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm
bpftool-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm
kernel-5.10.0-60.56.0.84.oe2203.x86_64.rpm
kernel-headers-5.10.0-60.56.0.84.oe2203.x86_64.rpm
kernel-source-5.10.0-60.56.0.84.oe2203.x86_64.rpm
kernel-devel-5.10.0-60.56.0.84.oe2203.x86_64.rpm
bpftool-5.10.0-60.56.0.84.oe2203.x86_64.rpm
python3-perf-5.10.0-60.56.0.84.oe2203.x86_64.rpm
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.
2022-09-16
CVE-2022-39842
openEuler-22.03-LTS
Medium
6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-09-16
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.
2022-09-16
CVE-2022-39190
openEuler-22.03-LTS
Medium
5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-09-16
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
2022-09-16
CVE-2022-39189
openEuler-22.03-LTS
High
7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-09-16
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn t check the value of pixclock , so it may cause a divide by zero error.
2022-09-16
CVE-2022-3061
openEuler-22.03-LTS
Medium
6.2
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-09-16
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
2022-09-16
CVE-2022-2663
openEuler-22.03-LTS
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
kernel security update
2022-09-16
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927