SB20220615148 - Anolis OS update for kernel
Published: June 15, 2022 Updated: March 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 52 secuirty vulnerabilities.
1) Improper Privilege Management (CVE-ID: CVE-2020-0404)
The vulnerability allows a local authenticated user to execute arbitrary code.
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel
2) Integer overflow (CVE-ID: CVE-2020-13974)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within drivers/tty/vt/keyboard.c if k_ascii is called several times in a row. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
3) Use-after-free (CVE-ID: CVE-2020-27820)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a use-after-free error in nouveau's postclose() handler. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.
4) Information disclosure (CVE-ID: CVE-2020-4788)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in IBM Power9 processors due to unspecified error. A local user can obtain sensitive information from the data in the L1 cache under extenuating circumstances.
5) Out-of-bounds read (CVE-ID: CVE-2021-0941)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in __bpf_skb_max_len() function in net/core/filter.c in the Linux kernel. A local user with special privilege can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
6) Use of insufficiently random values (CVE-ID: CVE-2021-20322)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when processing received ICMP errors. A remote attacker can effectively bypass the source port UDP randomization to gain access to sensitive information.
7) Information disclosure (CVE-ID: CVE-2021-21781)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the ARM SIGPAGE functionality. A userland application can read the contents of the sigpage, which can leak kernel memory contents.
8) Information disclosure (CVE-ID: CVE-2021-26401)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within LFENCE/JMP. A local user can gain unauthorized access to sensitive information on the system.
9) Information disclosure (CVE-ID: CVE-2017-5715)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
10) Command Injection (CVE-ID: CVE-2021-29154)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect computation of branch displacements within the BPF JIT compilers in the Linux kernel in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. A local user can inject and execute arbitrary commands with elevated privileges.
11) Out-of-bounds write (CVE-ID: CVE-2021-3612)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in joystick devices subsystem in Linux kernel. A local user can make a specially crafted JSIOCSBTNMAP IOCTL call, trigger out-of-bounds write and execute arbitrary code with escalated privileges.
12) Resource exhaustion (CVE-ID: CVE-2021-3669)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to measuring usage of the shared memory does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
13) Double Free (CVE-ID: CVE-2021-37159)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to hso_free_net_device() function in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state. A local user can trigger double free and use-after-free errors and execute arbitrary code with elevated privileges.
14) Out-of-bounds read (CVE-ID: CVE-2021-3743)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the Qualcomm IPC router protocol in the Linux kernel. A local user can gain access to out-of-bounds memory to leak internal kernel information or perform a denial of service attack.
15) Memory leak (CVE-ID: CVE-2021-3744)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c. A local user can force the application to leak memory and perform denial of service attack.
16) Memory leak (CVE-ID: CVE-2019-18808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the "ccp_run_sha_cmd()" function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows a local user to cause a denial of service (memory consumption).
17) Use-after-free (CVE-ID: CVE-2021-3752)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel’s Bluetooth subsystem when a user calls connect to the socket and disconnect simultaneously. A local user can escalate privileges on the system.
18) Resource exhaustion (CVE-ID: CVE-2021-3759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the Linux kernel’s ipc functionality of the memcg subsystem when user calls the semget function multiple times, creating semaphores. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
19) Memory leak (CVE-ID: CVE-2021-3764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak error in the ccp_run_aes_gcm_cmd() function in Linux kernel. A local user can trigger a memory leak error and perform a denial of service (DoS) attack.
20) Insufficient verification of data authenticity (CVE-ID: CVE-2021-3772)
The vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.
21) Information disclosure (CVE-ID: CVE-2021-3773)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the netfilter. A remote attacker can infer openvpn connection endpoint informationand gain unauthorized access to sensitive information on the system.
22) Memory leak (CVE-ID: CVE-2021-4002)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in the Linux kernel's hugetlbfs memory usage. A local user can force the application to leak memory and gain access to sensitive information.
23) Improper access control (CVE-ID: CVE-2021-4037)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the fs/inode.c:inode_init_owner() function logic of the Linux kernel. A local user can create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set to bypass implemented security restrictions and gain unauthorized access to the application.
24) Security restrictions bypass (CVE-ID: CVE-2018-13405)
The vulnerability allows a local attacker to create arbitrary files on the target system.
The vulnerability exists due to the inode_init_owner function, as defined in the fs/inode.c source code file, allows the creation of arbitrary files in set-group identification (SGID) directories. A local attacker can create arbitrary files with unintended group ownership.
25) Use-after-free (CVE-ID: CVE-2021-4083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Linux kernel's garbage collection for Unix domain socket file handlers. A local user can call close() and fget() simultaneously and can potentially trigger a race condition, which in turn leads to a use-after-free error and allows privilege escalation.
26) Buffer overflow (CVE-ID: CVE-2021-4157)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Linux kernel NFS subsystem. A remote attacker can create a specially crafted data and crash the system or escalate privileges on the system
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Out-of-bounds write (CVE-ID: CVE-2021-41864)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
28) Security restrictions bypass (CVE-ID: CVE-2021-4197)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.
29) Use-after-free (CVE-ID: CVE-2021-4203)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in sock_getsockopt() function in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() function (and connect() function) in the Linux kernel. A local user can exploit the use-after-free error and crash the system or escalate privileges on the system.
30) Buffer overflow (CVE-ID: CVE-2021-42739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.
31) Unchecked Return Value (CVE-ID: CVE-2021-43056)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation error when handling SRR1 register values. A local user can perform a denial of service attack, when the host is running on Power8.
32) Improper Validation of Array Index (CVE-ID: CVE-2021-43389)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.The vulnerability exists due to improper validation of array index in the ISDN CAPI implementation within detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.
33) Input validation error (CVE-ID: CVE-2021-43976)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c in Linux kernel. An attacker with physical access to the system can insert a specially crafted USB device and perform a denial of service (DoS) attack.
34) Use-after-free (CVE-ID: CVE-2021-44733)
The vulnerability allows a local user to elevate privileges on the system.
The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.
35) Information disclosure (CVE-ID: CVE-2021-45485)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in the IPv6 implementation in the Linux kernel. A remote attacker can gain access to sensitive information.
36) Information disclosure (CVE-ID: CVE-2021-45486)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect implementation of the IPv4 protocol in the Linux kernel. A remote attacker can disclose internal state in some situations.
37) Information disclosure (CVE-ID: CVE-2022-0001)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.
38) Information disclosure (CVE-ID: CVE-2022-0002)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.
39) NULL pointer dereference (CVE-ID: CVE-2022-0286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s bonding driver when user bonds non existing or fake device. A local user can perform a denial of service (DoS) attack.
40) Type conversion (CVE-ID: CVE-2022-0322)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a type conversion error in the sctp_make_strreset_req() function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel. A local user can perform a denial of service attack.
41) Use-after-free (CVE-ID: CVE-2022-1011)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the write() function of FUSE filesystem. A local user can retireve (partial) /etc/shadow hashes and execute arbitrary code with elevated privileges.
42) NULL pointer dereference (CVE-ID: CVE-2021-47501)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_dbg_dump_desc() function in drivers/net/ethernet/intel/i40e/i40e_debugfs.c. A local user can perform a denial of service (DoS) attack.
43) Buffer overflow (CVE-ID: CVE-2021-47544)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the include/net/sock.h. A local user can perform a denial of service (DoS) attack.
44) NULL pointer dereference (CVE-ID: CVE-2021-47556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ethtool_set_coalesce() function in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.
45) Improper locking (CVE-ID: CVE-2021-47590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __mptcp_push_pending() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
46) Use-after-free (CVE-ID: CVE-2021-47614)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the add_pble_prm() function in drivers/infiniband/hw/irdma/pble.c. A local user can escalate privileges on the system.
47) Use-after-free (CVE-ID: CVE-2022-48771)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, within the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, within the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.
48) NULL pointer dereference (CVE-ID: CVE-2021-47435)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the start_io_acct() and dec_pending() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
49) Resource exhaustion (CVE-ID: CVE-2021-47076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
50) Buffer overflow (CVE-ID: CVE-2021-47203)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
51) Resource management error (CVE-ID: CVE-2021-47498)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dm_mq_queue_rq() function in drivers/md/dm-rq.c. A local user can perform a denial of service (DoS) attack.
52) Memory leak (CVE-ID: CVE-2022-48904)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v1_free_pgtable() function in drivers/iommu/amd/io_pgtable.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.