SB2022021122 - openEuler update for kernel
Published: February 11, 2022 Updated: September 19, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Double Free (CVE-ID: CVE-2021-22600)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the packet_set_ring() function in net/packet/af_packet.c. A local user can pass specially crafted data to the application, trigger double free error and escalate privileges on the system.
Note, the vulnerability is being actively exploited in the wild against Android users.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-22942)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error in the vmwgfx driver in Linux kernel. A local unprivileged user can gain access to files opened by other processes on the system through a dangling 'file' pointer.
Exploiting this vulnerability requires an attacker to have access to either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an ioctl() on the resulting file descriptor.
Remediation
Install update from vendor's website.