571 lines
51 KiB
XML
571 lines
51 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
||
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
|
||
<DocumentTitle xml:lang="en">An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS</DocumentTitle>
|
||
<DocumentType>Security Advisory</DocumentType>
|
||
<DocumentPublisher Type="Vendor">
|
||
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
|
||
<IssuingAuthority>openEuler security committee</IssuingAuthority>
|
||
</DocumentPublisher>
|
||
<DocumentTracking>
|
||
<Identification>
|
||
<ID>openEuler-SA-2022-1631</ID>
|
||
</Identification>
|
||
<Status>Final</Status>
|
||
<Version>1.0</Version>
|
||
<RevisionHistory>
|
||
<Revision>
|
||
<Number>1.0</Number>
|
||
<Date>2022-05-11</Date>
|
||
<Description>Initial</Description>
|
||
</Revision>
|
||
</RevisionHistory>
|
||
<InitialReleaseDate>2022-05-11</InitialReleaseDate>
|
||
<CurrentReleaseDate>2022-05-11</CurrentReleaseDate>
|
||
<Generator>
|
||
<Engine>openEuler SA Tool V1.0</Engine>
|
||
<Date>2022-05-11</Date>
|
||
</Generator>
|
||
</DocumentTracking>
|
||
<DocumentNotes>
|
||
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">kernel security update</Note>
|
||
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.</Note>
|
||
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">The Linux Kernel, the operating system core itself.
|
||
|
||
Security Fix(es):
|
||
|
||
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system(CVE-2022-1205)
|
||
|
||
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.(CVE-2022-1199)
|
||
|
||
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.(CVE-2022-1353)
|
||
|
||
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.(CVE-2022-23960)
|
||
|
||
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.(CVE-2022-29156)
|
||
|
||
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.(CVE-2022-0500)
|
||
|
||
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042(CVE-2022-23036)
|
||
|
||
In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel(CVE-2021-39686)
|
||
|
||
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.(CVE-2022-0001)
|
||
|
||
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042(CVE-2022-23038)
|
||
|
||
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042(CVE-2022-23037)</Note>
|
||
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
|
||
|
||
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
|
||
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
|
||
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">kernel</Note>
|
||
</DocumentNotes>
|
||
<DocumentReferences>
|
||
<Reference Type="Self">
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Reference>
|
||
<Reference Type="openEuler CVE">
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1205</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1199</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-1353</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-23960</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29156</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0500</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-23036</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-39686</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-0001</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-23038</URL>
|
||
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-23037</URL>
|
||
</Reference>
|
||
<Reference Type="Other">
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-1205</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-1199</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-1353</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-23960</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-29156</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-0500</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-23036</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-39686</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-0001</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-23038</URL>
|
||
<URL>https://nvd.nist.gov/vuln/detail/CVE-2022-23037</URL>
|
||
</Reference>
|
||
</DocumentReferences>
|
||
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
|
||
<Branch Type="Product Name" Name="openEuler">
|
||
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
|
||
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
|
||
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
|
||
</Branch>
|
||
<Branch Type="Package Arch" Name="aarch64">
|
||
<FullProductName ProductID="kernel-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-devel-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-source-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-devel-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debugsource-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-devel-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-source-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-devel-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debugsource-4.19.90-2204.4.0.0148.oe1.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-devel-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-debuginfo-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-debuginfo-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debuginfo-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-source-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-headers-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-headers-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-debuginfo-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debugsource-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-devel-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-debuginfo-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.39.0.68.oe2203.aarch64.rpm</FullProductName>
|
||
</Branch>
|
||
<Branch Type="Package Arch" Name="src">
|
||
<FullProductName ProductID="kernel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-4.19.90-2204.4.0.0148.oe1.src.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-4.19.90-2204.4.0.0148.oe1.src.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.39.0.68.oe2203.src.rpm</FullProductName>
|
||
</Branch>
|
||
<Branch Type="Package Arch" Name="x86_64">
|
||
<FullProductName ProductID="kernel-tools-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">perf-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-devel-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python2-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">python3-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">bpftool-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-tools-devel-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-debugsource-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">kernel-source-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-devel-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-source-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debugsource-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-devel-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-devel-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-source-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python3-perf-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python2-perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">python2-perf-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-debugsource-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">kernel-tools-devel-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">bpftool-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-4.19.90-2204.4.0.0148" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">perf-debuginfo-4.19.90-2204.4.0.0148.oe1.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-devel-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-devel-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debugsource-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debugsource-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-debuginfo-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-source-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-source-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-tools-devel-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-tools-devel-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-debuginfo-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-headers-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-headers-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="perf-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">perf-debuginfo-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="bpftool-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">bpftool-debuginfo-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="kernel-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">kernel-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
<FullProductName ProductID="python3-perf-debuginfo-5.10.0-60.39.0.68" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">python3-perf-debuginfo-5.10.0-60.39.0.68.oe2203.x86_64.rpm</FullProductName>
|
||
</Branch>
|
||
</ProductTree>
|
||
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-1205</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>5.1</BaseScore>
|
||
<Vector>AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-1199</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>5.1</BaseScore>
|
||
<Vector>AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-1353</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>6.1</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-23960</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>5.6</BaseScore>
|
||
<Vector>AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-29156</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>High</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>7.8</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="6" xml:lang="en">A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-0500</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>High</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>7.8</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="7" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="7" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-23036</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>High</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>7.0</BaseScore>
|
||
<Vector>AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="8" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="8" xml:lang="en">In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2021-39686</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>High</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>7.0</BaseScore>
|
||
<Vector>AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="9" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="9" xml:lang="en">Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-0001</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>Medium</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>6.5</BaseScore>
|
||
<Vector>AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="10" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="10" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-23038</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>High</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>7.0</BaseScore>
|
||
<Vector>AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
<Vulnerability Ordinal="11" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
|
||
<Notes>
|
||
<Note Title="Vulnerability Description" Type="General" Ordinal="11" xml:lang="en">Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn t check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042</Note>
|
||
</Notes>
|
||
<ReleaseDate>2022-05-11</ReleaseDate>
|
||
<CVE>CVE-2022-23037</CVE>
|
||
<ProductStatuses>
|
||
<Status Type="Fixed">
|
||
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
|
||
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
|
||
<ProductID>openEuler-22.03-LTS</ProductID>
|
||
</Status>
|
||
</ProductStatuses>
|
||
<Threats>
|
||
<Threat Type="Impact">
|
||
<Description>High</Description>
|
||
</Threat>
|
||
</Threats>
|
||
<CVSSScoreSets>
|
||
<ScoreSet>
|
||
<BaseScore>7.0</BaseScore>
|
||
<Vector>AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
|
||
</ScoreSet>
|
||
</CVSSScoreSets>
|
||
<Remediations>
|
||
<Remediation Type="Vendor Fix">
|
||
<Description>kernel security update</Description>
|
||
<DATE>2022-05-11</DATE>
|
||
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1631</URL>
|
||
</Remediation>
|
||
</Remediations>
|
||
</Vulnerability>
|
||
</cvrfdoc> |