Anolis OS update for kernel(ANCK)4.19



Updated: 2025-03-29
Risk: Medium
Patch available: YES
Number of vulnerabilities: 34
CVE-ID: CVE-2022-0812, CVE-2022-1516, CVE-2022-1836, CVE-2022-33981, CVE-2022-20141, CVE-2022-20369, CVE-2022-20422, CVE-2022-23960, CVE-2022-26373, CVE-2022-2663, CVE-2022-26966, CVE-2022-3028, CVE-2022-3169, CVE-2022-32296, CVE-2022-32981, CVE-2022-33740, CVE-2022-26365, CVE-2022-33741, CVE-2022-33742, CVE-2022-33744, CVE-2022-3521, CVE-2022-3545, CVE-2022-3565, CVE-2022-3586, CVE-2022-3594, CVE-2022-3628, CVE-2022-3629, CVE-2022-3635, CVE-2022-39189, CVE-2022-39842, CVE-2022-40307, CVE-2022-42895, CVE-2022-43750, CVE-2022-4378
CWE-ID: CWE-200, CWE-476, CWE-416, CWE-264, CWE-787, CWE-1037, CWE-20, CWE-362, CWE-399, CWE-330, CWE-119, CWE-532, CWE-401, CWE-190, CWE-824, CWE-121
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #34 is available.
Vulnerable software
Anolis OS
Operating systems & Components / Operating system

python-perf
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-libs-devel
Operating systems & Components / Operating system package or component

kernel-tools-libs
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debug-devel
Operating systems & Components / Operating system package or component

kernel-debug
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

Vendor: OpenAnolis

Security Bulletin

This security bulletin contains information about 34 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU64919

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0812

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in the NFS over RDMA implementation in net/sunrpc/xprtrdma/rpc_rdma.c and relates to RPCRDMA_HDRLEN_MIN (7). A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU63158

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-1516

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's implementation of the X.25 set of standardized network protocols. A local user can terminate a session using a simulated Ethernet card and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU64087

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-1836

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/block/floppy.c, in the floppy driver module of the Linux kernel, when working with raw_cmd_ioctl and seek_interrupt. A local user can trigger a use-after-free to escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU64944

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-33981

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in drivers/block/floppy.c in the Linux kernel when deallocating raw_cmd in the raw_cmd_ioctl() function. A local user can trigger a use-after-free and perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU64134

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20141

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper imposition of security restrictions in the Linux kernel's components. A local user can trigger the vulnerability to bypass security restrictions and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU67474

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20369

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the v4l2_m2m_querybuf() function in v4l2-mem2mem.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU67866

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20422

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within emulation_proc_handler() in armv8 emulation in arch/arm64/kernel/armv8_deprecated.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-23960

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to obtain potentially sensitive information.

The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.

The vulnerability was dubbed Spectre-BHB.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security restrictions bypass

EUVDB-ID: #VU66549

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26373

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of return predictor targets between contexts in Intel CPU processors. A local user can bypass the expected architecture isolation between contexts and gain access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU67510

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-2663

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass firewall rules.

The vulnerability exists due to insufficient validation of user-supplied input in nf_conntrack_irc in the Linux kernel. When nf_conntrack_irc is configured, a remote attacker can send unencrypted IRC traffic and bypass configured firewall rules.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU63318

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26966

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in drivers/net/usb/sr9700.c in the Linux kernel. A remote attacker can pass specially crafted data and obtain sensitive information from heap memory.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Race condition

EUVDB-ID: #VU67477

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3028

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occur simultaneously. A local user can exploit the race and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU68780

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3169

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in the Linux kernel when handling consecutive NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET requests through the device file of the driver. A local user can force a PCIe link to disconnect.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use of insufficiently random values

EUVDB-ID: #VU64943

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-32296

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the Linux kernel allowing TCP servers to identify clients by observing which source ports are used. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU65005

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-32981

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in ptrace PEEKUSER and POKEUSER when accessing floating point registers on powerpc 32-bit platforms. A local user can trigger a buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information disclosure

EUVDB-ID: #VU65346

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-33740

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because Linux Block and Network PV device frontends do not zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Information disclosure

EUVDB-ID: #VU65345

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26365

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because Linux Block and Network PV device frontends do not zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information disclosure

EUVDB-ID: #VU65351

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-33741

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because the granularity of the grant table does not allow sharing less than a 4K page, so unrelated data residing in the same 4K page as data shared with a backend is accessible by that backend. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Information disclosure

EUVDB-ID: #VU65348

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-33742

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because the granularity of the grant table does not allow sharing less than a 4K page, so unrelated data residing in the same 4K page as data shared with a backend is accessible by that backend. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU65844

Risk: Low

CVSSv4.0: 5.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear]

CVE-ID: CVE-2022-33744

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of foreign mappings performed by rbtree when mapping pages of Arm guests. An unprivileged Arm guest can cause inconsistencies of the rbtree via PV devices, which can lead to denial of service of dom0 and cause crashes or the inability to perform further mappings of other guests' memory pages.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Race condition

EUVDB-ID: #VU69755

Risk: Low

CVSSv4.0: 4.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3521

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the kcm_tx_work() function in net/kcm/kcmsock.c in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU69758

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3545

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the area_cache_get() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU69709

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3565

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the del_timer() function in drivers/isdn/mISDN/l1oip_core.c in the Bluetooth component. An attacker with physical proximity to the device can trigger memory corruption and execute arbitrary code on the target system.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU69708

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3586

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU69707

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3594

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the intr_callback() function in drivers/net/usb/r8152.c can be forced to write excessive data into the log files. A local user can read the log files and gain access to sensitive data.

Note, the vulnerability can be triggered remotely.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU69803

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3628

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the brcmf_fweh_event_worker() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c. A local user can use a specially crafted device to trigger memory corruption and escalate privileges on the system.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU69706

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3629

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the vsock_connect() function in net/vmw_vsock/af_vsock.c in the Linux kernel IPSec implementation. A local user can force the system to leak memory and perform a denial of service attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU69398

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3635

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within drivers/atm/idt77252.c in the IPsec component of the Linux kernel. A local user can trigger a use-after-free error and crash the kernel.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68110

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39189

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a guest user to escalate privileges on the system.

The vulnerability exists due to incorrect handling of TLB flush operations in certain KVM_VCPU_PREEMPTED situations in the x86 KVM subsystem in the Linux kernel. An attacker with unprivileged access to the guest OS can escalate privileges on the guest.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Integer overflow

EUVDB-ID: #VU67914

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-39842

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer overflow within the pxa3xx_gcu_write() function in drivers/video/fbdev/pxa3xx-gcu.c in the Linux kernel. A local user can trigger an integer overflow and execute arbitrary code with escalated privileges.


Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU67915

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-40307

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within drivers/firmware/efi/capsule-loader.c in the Linux kernel. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Access of Uninitialized Pointer

EUVDB-ID: #VU69796

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42895

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to unauthorized access of an uninitialized pointer within the l2cap_parse_conf_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can gain access to sensitive information.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds write

EUVDB-ID: #VU69296

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-43750

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Stack-based buffer overflow

EUVDB-ID: #VU70442

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2022-4378

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 7

python-perf: before 4.19.91-27.1

perf: before 4.19.91-27.1

kernel-tools-libs-devel: before 4.19.91-27.1

kernel-tools-libs: before 4.19.91-27.1

kernel-tools: before 4.19.91-27.1

kernel-headers: before 4.19.91-27.1

kernel-devel: before 4.19.91-27.1

kernel-debug-devel: before 4.19.91-27.1

kernel-debug: before 4.19.91-27.1

kernel: before 4.19.91-27.1

bpftool: before 4.19.91-27.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


