14 lines
1.4 KiB
JSON
14 lines
1.4 KiB
JSON
{
|
||
"id": "openEuler-SA-2022-1727",
|
||
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1727",
|
||
"title": "An update for kernel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
||
"severity": "High",
|
||
"description": "The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-1048)\r\n\r\nThe SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.(CVE-2022-1158)\r\n\r\nKGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).(CVE-2022-21499)",
|
||
"cves": [
|
||
{
|
||
"id": "CVE-2022-21499",
|
||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21499",
|
||
"severity": "High"
|
||
}
|
||
]
|
||
} |