SB2022051644 - Anolis OS update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022051644

SB2022051644 - Anolis OS update for kernel

Published: May 16, 2022 Updated: September 19, 2025

Security Bulletin ID SB2022051644
Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 8% Medium 8% Low 85%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-36516)

The vulnerability allows a remote attacker to perform a denial of service (DoS) or MitM attacks.

The vulnerability exists due to an error in the mixed IPID assignment method with the hash-based IPID assignment policy in Linux kernel. A remote attacker can inject data into a victim's TCP session or terminate that session.


2) Double Free (CVE-ID: CVE-2021-22600)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the packet_set_ring() function in net/packet/af_packet.c. A local user can pass specially crafted data to the application, trigger double free error and escalate privileges on the system.

Note, the vulnerability is being actively exploited in the wild against Android users.


3) Information disclosure (CVE-ID: CVE-2021-4135)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to simulated networking device driver for the Linux kernel does not properly initialize memory in certain situations. A local user can gain unauthorized access to sensitive information (kernel memory).


4) Out-of-bounds read (CVE-ID: CVE-2021-4204)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition in Linux kernel eBPF. A local user trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.


5) NULL pointer dereference (CVE-ID: CVE-2021-44879)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the gc_data_segment() function in fs/f2fs/gc.c. A local user can mount a specially crafted f2fs image, trigger a NULL pointer dereference and perform a denial of service (DoS) attack.


6) Out-of-bounds read (CVE-ID: CVE-2021-45402)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to check_alu_op() function in kernel/bpf/verifier.c does not properly update bounds while handling the mov32 instruction. A local user can obtain potentially sensitive address information.


7) Out-of-bounds write (CVE-ID: CVE-2022-0995)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Linux kernel’s watch_queue event notification subsystem. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


8) Use-after-free (CVE-ID: CVE-2022-1011)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the write() function of FUSE filesystem. A local user can retireve (partial) /etc/shadow hashes and execute arbitrary code with elevated privileges.


9) Use-after-free (CVE-ID: CVE-2022-1016)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in Linux kernel.. A local user can trigger a use-after-free error and gain access to sensitive information.


10) Security restrictions bypass (CVE-ID: CVE-2022-23222)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to availability of pointer arithmetic via certain *_OR_NULL pointer types in kernel/bpf/verifier.c in the Linux kernel. A local user can run a specially crafted program to execute arbitrary code with root privileges.


11) Missing initialization of resource (CVE-ID: CVE-2022-24448)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to missing initialization of resource within the fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.


12) Heap-based buffer overflow (CVE-ID: CVE-2022-25636)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in net/netfilter/nf_dup_netdev.c in the Linux kernel, related to nf_tables_offload. A local user can trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.


13) Heap-based buffer overflow (CVE-ID: CVE-2022-27666)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c in Linux kernel. A local unprivileged user can pass specially crafted data to the system, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.


Remediation

Install update from vendor's website.

References