openEuler update for kernel

Published: 2022-04-02

Risk	Low
Patch available	YES
Number of vulnerabilities	4
CVE-ID	CVE-2022-26490 CVE-2022-0854 CVE-2022-0494 CVE-2022-27666
CWE-ID	CWE-119 CWE-401 CWE-200 CWE-122
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #4 is available.
Vulnerable software	openEuler Operating systems & Components / Operating system python2-perf Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU62601

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26490

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the st21nfca_connectivity_event_received() function in drivers/nfc/st21nfca/se.c in Linux kernel. A local user can run a specially crafted program to trigger buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP3

python2-perf: before 4.19.90-2203.5.0.0143

kernel-tools: before 4.19.90-2203.5.0.0143

python3-perf: before 4.19.90-2203.5.0.0143

kernel-devel: before 4.19.90-2203.5.0.0143

kernel-debuginfo: before 4.19.90-2203.5.0.0143

python2-perf-debuginfo: before 4.19.90-2203.5.0.0143

kernel-tools-devel: before 4.19.90-2203.5.0.0143

kernel-source: before 4.19.90-2203.5.0.0143

perf: before 4.19.90-2203.5.0.0143

python3-perf-debuginfo: before 4.19.90-2203.5.0.0143

kernel-debugsource: before 4.19.90-2203.5.0.0143

bpftool: before 4.19.90-2203.5.0.0143

kernel-tools-debuginfo: before 4.19.90-2203.5.0.0143

perf-debuginfo: before 4.19.90-2203.5.0.0143

bpftool-debuginfo: before 4.19.90-2203.5.0.0143

kernel: before 4.19.90-2203.5.0.0143

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1604

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU63427

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0854

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP3

python2-perf: before 4.19.90-2203.5.0.0143

kernel-tools: before 4.19.90-2203.5.0.0143

python3-perf: before 4.19.90-2203.5.0.0143

kernel-devel: before 4.19.90-2203.5.0.0143

kernel-debuginfo: before 4.19.90-2203.5.0.0143

python2-perf-debuginfo: before 4.19.90-2203.5.0.0143

kernel-tools-devel: before 4.19.90-2203.5.0.0143

kernel-source: before 4.19.90-2203.5.0.0143

perf: before 4.19.90-2203.5.0.0143

python3-perf-debuginfo: before 4.19.90-2203.5.0.0143

kernel-debugsource: before 4.19.90-2203.5.0.0143

bpftool: before 4.19.90-2203.5.0.0143

kernel-tools-debuginfo: before 4.19.90-2203.5.0.0143

perf-debuginfo: before 4.19.90-2203.5.0.0143

bpftool-debuginfo: before 4.19.90-2203.5.0.0143

kernel: before 4.19.90-2203.5.0.0143

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1604

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU64259

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0494

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP3

python2-perf: before 4.19.90-2203.5.0.0143

kernel-tools: before 4.19.90-2203.5.0.0143

python3-perf: before 4.19.90-2203.5.0.0143

kernel-devel: before 4.19.90-2203.5.0.0143

kernel-debuginfo: before 4.19.90-2203.5.0.0143

python2-perf-debuginfo: before 4.19.90-2203.5.0.0143

kernel-tools-devel: before 4.19.90-2203.5.0.0143

kernel-source: before 4.19.90-2203.5.0.0143

perf: before 4.19.90-2203.5.0.0143

python3-perf-debuginfo: before 4.19.90-2203.5.0.0143

kernel-debugsource: before 4.19.90-2203.5.0.0143

bpftool: before 4.19.90-2203.5.0.0143

kernel-tools-debuginfo: before 4.19.90-2203.5.0.0143

perf-debuginfo: before 4.19.90-2203.5.0.0143

bpftool-debuginfo: before 4.19.90-2203.5.0.0143

kernel: before 4.19.90-2203.5.0.0143

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1604

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU61672

Risk: Low

CVSSv4.0: 6.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-27666

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c in Linux kernel. A local unprivileged user can pass specially crafted data to the system, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 20.03 LTS SP3

python2-perf: before 4.19.90-2203.5.0.0143

kernel-tools: before 4.19.90-2203.5.0.0143

python3-perf: before 4.19.90-2203.5.0.0143

kernel-devel: before 4.19.90-2203.5.0.0143

kernel-debuginfo: before 4.19.90-2203.5.0.0143

python2-perf-debuginfo: before 4.19.90-2203.5.0.0143

kernel-tools-devel: before 4.19.90-2203.5.0.0143

kernel-source: before 4.19.90-2203.5.0.0143

perf: before 4.19.90-2203.5.0.0143

python3-perf-debuginfo: before 4.19.90-2203.5.0.0143

kernel-debugsource: before 4.19.90-2203.5.0.0143

bpftool: before 4.19.90-2203.5.0.0143

kernel-tools-debuginfo: before 4.19.90-2203.5.0.0143

perf-debuginfo: before 4.19.90-2203.5.0.0143

bpftool-debuginfo: before 4.19.90-2203.5.0.0143

kernel: before 4.19.90-2203.5.0.0143

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1604

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.