openEuler update for kernel

Published: 2022-05-11

Risk	Medium
Patch available	YES
Number of vulnerabilities	15
CVE-ID	CVE-2022-1205 CVE-2022-1199 CVE-2022-1353 CVE-2022-23960 CVE-2022-29156 CVE-2022-0500 CVE-2022-23036 CVE-2021-39686 CVE-2022-0001 CVE-2022-23038 CVE-2022-23037 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042
CWE-ID	CWE-476 CWE-200 CWE-1037 CWE-415 CWE-787 CWE-362 CWE-617
Exploitation vector	Local
Public exploit	N/A
Vulnerable software Subscribe	openEuler Operating systems & Components / Operating system kernel-debugsource Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component python3-perf-debuginfo Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU63433

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1205

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a null pointer dereference and use after free errors in the net/ax25/ax25_timer.c. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU63432

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1199

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a Null pointer dereference and use after free errors in the ax25_release() function. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU63388

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1353

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65007

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23960

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to obtain potentially sensitive information.

The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.

The vulnerability was dubbed Spectre-BHB.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Double Free

EUVDB-ID: #VU63319

Risk: Medium

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29156

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel. A remote attacker can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU65298

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0500

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in unrestricted eBPF usage by the BPF_BTF_LOAD in Linux kernel. A local user can trigger an out-of-bounds write error in BPF subsystem and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Race condition

EUVDB-ID: #VU63305

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23036

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the blkfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Race condition

EUVDB-ID: #VU61096

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-39686

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the binder implementation in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU61198

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0001

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Race condition

EUVDB-ID: #VU63307

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23038

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the scsifront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Race condition

EUVDB-ID: #VU63306

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23037

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Race condition

EUVDB-ID: #VU63308

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23039

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the gntalloc ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Race condition

EUVDB-ID: #VU63309

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23040

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the xenbus ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Race condition

EUVDB-ID: #VU63310

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23041

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls ring buffers. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Reachable Assertion

EUVDB-ID: #VU63311

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23042

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to reachable assertion in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP1 - 22.03 LTS

kernel-debugsource: before 4.19.90-2204.4.0.0148

python2-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-debuginfo: before 4.19.90-2204.4.0.0148

kernel-debuginfo: before 4.19.90-2204.4.0.0148

python2-perf: before 4.19.90-2204.4.0.0148

kernel-tools: before 4.19.90-2204.4.0.0148

bpftool: before 4.19.90-2204.4.0.0148

perf: before 4.19.90-2204.4.0.0148

perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-tools-devel: before 4.19.90-2204.4.0.0148

python3-perf: before 4.19.90-2204.4.0.0148

kernel-source: before 4.19.90-2204.4.0.0148

bpftool-debuginfo: before 4.19.90-2204.4.0.0148

python3-perf-debuginfo: before 4.19.90-2204.4.0.0148

kernel-devel: before 4.19.90-2204.4.0.0148

kernel: before 4.19.90-2204.4.0.0148

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1631

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.