An update for kernel is now available for openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1927 Final 1.0 1.0 2022-09-16 Initial 2022-09-16 2022-09-16 openEuler SA Tool V1.0 2022-09-16 kernel security update An update for kernel is now available for openEuler-22.03-LTS. The Linux Kernel, the operating system core itself. Security Fix(es): An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.(CVE-2022-39842) An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.(CVE-2022-39190) An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.(CVE-2022-39189) Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn t check the value of pixclock , so it may cause a divide by zero error.(CVE-2022-3061) An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.(CVE-2022-2663) An update for kernel is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-39842 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-39190 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-39189 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-3061 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-2663 https://nvd.nist.gov/vuln/detail/CVE-2022-39842 https://nvd.nist.gov/vuln/detail/CVE-2022-39190 https://nvd.nist.gov/vuln/detail/CVE-2022-39189 https://nvd.nist.gov/vuln/detail/CVE-2022-3061 https://nvd.nist.gov/vuln/detail/CVE-2022-2663 openEuler-22.03-LTS bpftool-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-tools-devel-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-tools-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-debugsource-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-devel-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-tools-5.10.0-60.56.0.84.oe2203.aarch64.rpm perf-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm perf-5.10.0-60.56.0.84.oe2203.aarch64.rpm python3-perf-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-source-5.10.0-60.56.0.84.oe2203.aarch64.rpm python3-perf-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm bpftool-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-headers-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-debuginfo-5.10.0-60.56.0.84.oe2203.aarch64.rpm kernel-5.10.0-60.56.0.84.oe2203.src.rpm kernel-tools-devel-5.10.0-60.56.0.84.oe2203.x86_64.rpm kernel-tools-5.10.0-60.56.0.84.oe2203.x86_64.rpm perf-5.10.0-60.56.0.84.oe2203.x86_64.rpm kernel-debugsource-5.10.0-60.56.0.84.oe2203.x86_64.rpm kernel-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm perf-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm python3-perf-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm kernel-tools-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm bpftool-debuginfo-5.10.0-60.56.0.84.oe2203.x86_64.rpm kernel-5.10.0-60.56.0.84.oe2203.x86_64.rpm kernel-headers-5.10.0-60.56.0.84.oe2203.x86_64.rpm kernel-source-5.10.0-60.56.0.84.oe2203.x86_64.rpm kernel-devel-5.10.0-60.56.0.84.oe2203.x86_64.rpm bpftool-5.10.0-60.56.0.84.oe2203.x86_64.rpm python3-perf-5.10.0-60.56.0.84.oe2203.x86_64.rpm An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. 2022-09-16 CVE-2022-39842 openEuler-22.03-LTS Medium 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-09-16 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927 An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. 2022-09-16 CVE-2022-39190 openEuler-22.03-LTS Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-09-16 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927 An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. 2022-09-16 CVE-2022-39189 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-09-16 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927 Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn t check the value of pixclock , so it may cause a divide by zero error. 2022-09-16 CVE-2022-3061 openEuler-22.03-LTS Medium 6.2 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-09-16 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927 An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. 2022-09-16 CVE-2022-2663 openEuler-22.03-LTS Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N kernel security update 2022-09-16 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1927