SB2022052039 - openEuler update for kernel
Published: May 20, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Double Free (CVE-ID: CVE-2022-28388)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in the usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
2) Double Free (CVE-ID: CVE-2022-28389)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
3) Memory leak (CVE-ID: CVE-2022-28356)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/llc/af_llc.c component. A remote attacker can force the system to leak memory and perform denial of service attack.
Remediation
Install update from vendor's website.