SB2023022261 - Anolis OS update for kernel
Published: February 22, 2023 Updated: March 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 34 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2022-0812)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c() function in RPCRDMA_HDRLEN_MIN (7). A local user can gain unauthorized access to sensitive information on the system.
2) NULL pointer dereference (CVE-ID: CVE-2022-1516)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference error in the Linux kernel’s X.25 set of standardized network protocols functionality. A local user can terminate session using a simulated Ethernet card and perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2022-1836)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to use-after-free error in the drivers/block/floppy.c in the floppy driver module in the Linux kernel when working with raw_cmd_ioctl and seek_interrupt. A local user can trigger use-after-free to escalate privileges on the system.
4) Use-after-free (CVE-ID: CVE-2022-33981)
The vulnerability allows a local user to perform denial of service attack.
The vulnerability exists due to a use-after-free error in drivers/block/floppy.c in the Linux kernel when deallocating raw_cmd in the raw_cmd_ioctl function(). A local user can trigger use-after-free and perform denial of service attack.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20141)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper imposition of security restrictions in the Linux kernel's components. A local user can trigger the vulnerability to bypass security restrictions bypass and escalate privileges on the system.
6) Out-of-bounds write (CVE-ID: CVE-2022-20369)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the v4l2_m2m_querybuf() function in v4l2-mem2mem.c. A local user can trigger ab out-of-bounds write and execute arbitrary code with elevated privileges.
7) Out-of-bounds write (CVE-ID: CVE-2022-20422)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within emulation_proc_handler() in armv8 emulation in arch/arm64/kernel/armv8_deprecated.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
8) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-23960)
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.
The vulnerability was dubbed Spectre-BHB.
9) Security restrictions bypass (CVE-ID: CVE-2022-26373)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of return predictor targets between contexts in Intel CPU processors. A local user can bypass the expected architecture isolation between contexts and gain access to sensitive information on the system.
10) Input validation error (CVE-ID: CVE-2022-2663)
The vulnerability allows a remote attacker to bypass firewall rules.
The vulnerability exists due to insufficient validation of user-supplied input in nf_conntrack_irc in Linux kernel. A remote attacker can send unencrypted IRC with nf_conntrack_irc configured and bypass configured firewall rules.
11) Use-after-free (CVE-ID: CVE-2022-26966)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in drivers/net/usb/sr9700.c in the Linux kernel. A remote attacker can pass specially crafted data and obtain sensitive information from heap memory.
12) Race condition (CVE-ID: CVE-2022-3028)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. A local user can exploit the race and escalate privileges on the system.
13) Resource management error (CVE-ID: CVE-2022-3169)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in Linux kernel when handling a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver. A local user can force the a PCIe link to disconnect.
14) Use of insufficiently random values (CVE-ID: CVE-2022-32296)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux kernel allowing TCP servers to identify clients by observing what source ports are used. A local user can gain unauthorized access to sensitive information on the system.
15) Buffer overflow (CVE-ID: CVE-2022-32981)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in ptrace PEEKUSER and POKEUSER when accessing floating point registers on powerpc 32-bit platforms. A local user can trigger buffer overflow and execute arbitrary code with elevated privileges.
16) Information disclosure (CVE-ID: CVE-2022-33740)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
17) Information disclosure (CVE-ID: CVE-2022-26365)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
18) Information disclosure (CVE-ID: CVE-2022-33741)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
19) Information disclosure (CVE-ID: CVE-2022-33742)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
20) Resource management error (CVE-ID: CVE-2022-33744)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of foreign mappings performed by rbtree when mapping pages of Arm guests. An unprivileged Arm guest can cause inconsistencies of the rbtree via PV devices, which can lead to denial of service of dom0 and cause crashes or the inability to perform further mappings of other guests' memory pages.
21) Race condition (CVE-ID: CVE-2022-3521)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the kcm_tx_work() function in net/kcm/kcmsock.c in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
22) Buffer overflow (CVE-ID: CVE-2022-3545)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the area_cache_get() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
23) Buffer overflow (CVE-ID: CVE-2022-3565)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the del_timer() function in drivers/isdn/mISDN/l1oip_core.c in the Bluetooth component. An attacker with physical proximity to device can trigger memory corruption and execute arbitrary code on the target system.
24) Use-after-free (CVE-ID: CVE-2022-3586)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in the way the sch_sfb enqueue function used the socket buffer (SKB) cb
field after the same SKB had been enqueued (and freed) into a child
qdisc. A local user can perform a denial of service (DoS) attack.
25) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2022-3594)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the intr_callback() function in drivers/net/usb/r8152.c can be forced to include excessive data info the log files. A local user can read the log files and gain access to sensitive data.
Note, the vulnerability can be triggered remotely.
26) Buffer overflow (CVE-ID: CVE-2022-3628)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the brcmf_fweh_event_worker() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c. A local user can use a specially crafted device to trigger memory corruption and escalate privileges on the system.
27) Memory leak (CVE-ID: CVE-2022-3629)
The vulnerability allows a local user to perform DoS attack.
The vulnerability exists due memory leak within the vsock_connect() function in net/vmw_vsock/af_vsock.c in Linux kernel IPSec implementation. A local user can force the system to leak memory and perform denial of service attack.
28) Use-after-free (CVE-ID: CVE-2022-3635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the drivers/atm/idt77252.c in IPsec component of Linux kernel. A local user can trigger a use-after-free error and crash the kernel.
29) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-39189)
The vulnerability allows a guest user to escalate privileges on the system.
The vulnerability exists due to incorrect handling of TLB flush operations in certain KVM_VCPU_PREEMPTED situations in the x86 KVM subsystem in the Linux kernel. An attacker with unprivileged access to the guest OS can escalate privileges on the guest.
30) Integer overflow (CVE-ID: CVE-2022-39842)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the pxa3xx_gcu_write() function in drivers/video/fbdev/pxa3xx-gcu.c in Linux kernel. A local user can trigger an integer overflow and execute arbitrary code with escalated privileges.
31) Use-after-free (CVE-ID: CVE-2022-40307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the drivers/firmware/efi/capsule-loader.c in Linux kernel. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
32) Access of Uninitialized Pointer (CVE-ID: CVE-2022-42895)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to unauthorized access of uninitialized pointer within the l2cap_parse_conf_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can gain access to sensitive information.
33) Out-of-bounds write (CVE-ID: CVE-2022-43750)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
34) Stack-based buffer overflow (CVE-ID: CVE-2022-4378)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.