SB2022060236 - openEuler update for kernel

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2022-0002)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.

2) Use-after-free (CVE-ID: CVE-2022-29582)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the io_uring timeouts() function in the Linux kernel. A local user can trigger a race condition between timeout flush and removal to cause a denial of service or escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2022-1195)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the drivers/net/hamradio. A local user can cause a denial of service (DOS) when the mkiss or sixpack device is detached.

4) Use of uninitialized resource (CVE-ID: CVE-2022-20008)

The vulnerability allows a local application to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources within the mmc_blk_read_single() function in block.c. A local application can obtain potentially sensitive information from memory when reading from an SD card that triggers errors.

5) Memory leak (CVE-ID: CVE-2022-1012)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient randomization in the net/ipv4/tcp.c when calculating port offsets in Linux kernel cause by small table perturb size. A remote attacker can cause memory leak and gain access to sensitive information.

6) Use-after-free (CVE-ID: CVE-2022-1734)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations. A local user can trigger use-after-free to escalate privileges on the system.

7) Improper update of reference count (CVE-ID: CVE-2022-29581)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper update of reference count in net/sched in Linux kernel. A local user can execute arbitrary code with root privileges.

8) NULL pointer dereference (CVE-ID: CVE-2022-1516)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference error in the Linux kernel’s X.25 set of standardized network protocols functionality. A local user can terminate session using a simulated Ethernet card and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1691