Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU74691
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20568
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the io_uring subcomponent in Kernel components. A local application can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP3
kernel-source: before 4.19.90-2212.4.0.0183
python3-perf: before 4.19.90-2212.4.0.0183
kernel-tools-devel: before 4.19.90-2212.4.0.0183
kernel-debugsource: before 4.19.90-2212.4.0.0183
kernel-tools-debuginfo: before 4.19.90-2212.4.0.0183
python3-perf-debuginfo: before 4.19.90-2212.4.0.0183
perf: before 4.19.90-2212.4.0.0183
python2-perf: before 4.19.90-2212.4.0.0183
kernel-debuginfo: before 4.19.90-2212.4.0.0183
perf-debuginfo: before 4.19.90-2212.4.0.0183
python2-perf-debuginfo: before 4.19.90-2212.4.0.0183
kernel-devel: before 4.19.90-2212.4.0.0183
kernel-tools: before 4.19.90-2212.4.0.0183
bpftool: before 4.19.90-2212.4.0.0183
bpftool-debuginfo: before 4.19.90-2212.4.0.0183
kernel: before 4.19.90-2212.4.0.0183
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74549
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20572
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing permission check within the verity_target() function in dm-verity-target.c. A local user can modify read-only files and escalate privileges on the system.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP3
kernel-source: before 4.19.90-2212.4.0.0183
python3-perf: before 4.19.90-2212.4.0.0183
kernel-tools-devel: before 4.19.90-2212.4.0.0183
kernel-debugsource: before 4.19.90-2212.4.0.0183
kernel-tools-debuginfo: before 4.19.90-2212.4.0.0183
python3-perf-debuginfo: before 4.19.90-2212.4.0.0183
perf: before 4.19.90-2212.4.0.0183
python2-perf: before 4.19.90-2212.4.0.0183
kernel-debuginfo: before 4.19.90-2212.4.0.0183
perf-debuginfo: before 4.19.90-2212.4.0.0183
python2-perf-debuginfo: before 4.19.90-2212.4.0.0183
kernel-devel: before 4.19.90-2212.4.0.0183
kernel-tools: before 4.19.90-2212.4.0.0183
bpftool: before 4.19.90-2212.4.0.0183
bpftool-debuginfo: before 4.19.90-2212.4.0.0183
kernel: before 4.19.90-2212.4.0.0183
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67657
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-41218
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_demux_open() and dvb_dmxdev_release() function in drivers/media/dvb-core/dmxdev.c in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP3
kernel-source: before 4.19.90-2212.4.0.0183
python3-perf: before 4.19.90-2212.4.0.0183
kernel-tools-devel: before 4.19.90-2212.4.0.0183
kernel-debugsource: before 4.19.90-2212.4.0.0183
kernel-tools-debuginfo: before 4.19.90-2212.4.0.0183
python3-perf-debuginfo: before 4.19.90-2212.4.0.0183
perf: before 4.19.90-2212.4.0.0183
python2-perf: before 4.19.90-2212.4.0.0183
kernel-debuginfo: before 4.19.90-2212.4.0.0183
perf-debuginfo: before 4.19.90-2212.4.0.0183
python2-perf-debuginfo: before 4.19.90-2212.4.0.0183
kernel-devel: before 4.19.90-2212.4.0.0183
kernel-tools: before 4.19.90-2212.4.0.0183
bpftool: before 4.19.90-2212.4.0.0183
bpftool-debuginfo: before 4.19.90-2212.4.0.0183
kernel: before 4.19.90-2212.4.0.0183
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU71581
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3115
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_crtc_reset() function in drivers/gpu/drm/arm/malidp_crtc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP3
kernel-source: before 4.19.90-2212.4.0.0183
python3-perf: before 4.19.90-2212.4.0.0183
kernel-tools-devel: before 4.19.90-2212.4.0.0183
kernel-debugsource: before 4.19.90-2212.4.0.0183
kernel-tools-debuginfo: before 4.19.90-2212.4.0.0183
python3-perf-debuginfo: before 4.19.90-2212.4.0.0183
perf: before 4.19.90-2212.4.0.0183
python2-perf: before 4.19.90-2212.4.0.0183
kernel-debuginfo: before 4.19.90-2212.4.0.0183
perf-debuginfo: before 4.19.90-2212.4.0.0183
python2-perf-debuginfo: before 4.19.90-2212.4.0.0183
kernel-devel: before 4.19.90-2212.4.0.0183
kernel-tools: before 4.19.90-2212.4.0.0183
bpftool: before 4.19.90-2212.4.0.0183
bpftool-debuginfo: before 4.19.90-2212.4.0.0183
kernel: before 4.19.90-2212.4.0.0183
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71540
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3111
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the free_charger_irq() function in drivers/power/supply/wm8350_power.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP3
kernel-source: before 4.19.90-2212.4.0.0183
python3-perf: before 4.19.90-2212.4.0.0183
kernel-tools-devel: before 4.19.90-2212.4.0.0183
kernel-debugsource: before 4.19.90-2212.4.0.0183
kernel-tools-debuginfo: before 4.19.90-2212.4.0.0183
python3-perf-debuginfo: before 4.19.90-2212.4.0.0183
perf: before 4.19.90-2212.4.0.0183
python2-perf: before 4.19.90-2212.4.0.0183
kernel-debuginfo: before 4.19.90-2212.4.0.0183
perf-debuginfo: before 4.19.90-2212.4.0.0183
python2-perf-debuginfo: before 4.19.90-2212.4.0.0183
kernel-devel: before 4.19.90-2212.4.0.0183
kernel-tools: before 4.19.90-2212.4.0.0183
bpftool: before 4.19.90-2212.4.0.0183
bpftool-debuginfo: before 4.19.90-2212.4.0.0183
kernel: before 4.19.90-2212.4.0.0183
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71539
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3108
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to unchecked return value within the kfd_parse_subtype_iolink() function in drivers/gpu/drm/amd/amdkfd/kfd_crat.c. A local user can crash the kernel.
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP3
kernel-source: before 4.19.90-2212.4.0.0183
python3-perf: before 4.19.90-2212.4.0.0183
kernel-tools-devel: before 4.19.90-2212.4.0.0183
kernel-debugsource: before 4.19.90-2212.4.0.0183
kernel-tools-debuginfo: before 4.19.90-2212.4.0.0183
python3-perf-debuginfo: before 4.19.90-2212.4.0.0183
perf: before 4.19.90-2212.4.0.0183
python2-perf: before 4.19.90-2212.4.0.0183
kernel-debuginfo: before 4.19.90-2212.4.0.0183
perf-debuginfo: before 4.19.90-2212.4.0.0183
python2-perf-debuginfo: before 4.19.90-2212.4.0.0183
kernel-devel: before 4.19.90-2212.4.0.0183
kernel-tools: before 4.19.90-2212.4.0.0183
bpftool: before 4.19.90-2212.4.0.0183
bpftool-debuginfo: before 4.19.90-2212.4.0.0183
kernel: before 4.19.90-2212.4.0.0183
External linkshttp://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.