SB2022123018 - openEuler 22.03 LTS update for kernel




Published: December 30, 2022

Security Bulletin ID: SB2022123018
Severity: Medium
Patch available: YES
Number of vulnerabilities: 16
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 19%, Low: 81%

Description

This security bulletin contains information about 16 security vulnerabilities.


1) Double Free (CVE-ID: CVE-2022-4095)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the cmd_hdl_filter() function in drivers/staging/rtl8712/rtl8712_cmd.c. A local user can trigger a double free error and execute arbitrary code with escalated privileges.



2) NULL pointer dereference (CVE-ID: CVE-2022-41858)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the sl_tx_timeout() function in drivers/net/slip in the Linux kernel. A local user can perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2022-4129)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system, causing a denial of service.


4) Improper input validation (CVE-ID: CVE-2022-20568)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the io_uring subcomponent in Kernel components. A local application can execute arbitrary code.


5) Use-after-free (CVE-ID: CVE-2022-20566)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_chan_put() function in Bluetooth L2CAP implementation. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.


6) Input validation error (CVE-ID: CVE-2022-3643)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of network packets. An attacker with access to the guest OS can trigger the related physical NIC on the host to reset, abort, or crash by sending certain kinds of packets.


7) Incorrect authorization (CVE-ID: CVE-2022-20572)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a missing permission check within the verity_target() function in dm-verity-target.c. A local user can modify read-only files and escalate privileges on the system.


8) Stack-based buffer overflow (CVE-ID: CVE-2022-4378)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.


9) Use-after-free (CVE-ID: CVE-2022-41218)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_demux_open() and dvb_dmxdev_release() functions in drivers/media/dvb-core/dmxdev.c in the Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


10) Resource management error (CVE-ID: CVE-2022-42328)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger a deadlock in the Linux netback driver and perform a denial of service (DoS) attack against the host via the paravirtualized network interface.


11) Resource management error (CVE-ID: CVE-2022-42329)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger a deadlock in the Linux netback driver and perform a denial of service (DoS) attack against the host via the paravirtualized network interface.


12) Out-of-bounds write (CVE-ID: CVE-2022-47518)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing a number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver. A local user can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames and execute arbitrary code with elevated privileges.


13) Out-of-bounds write (CVE-ID: CVE-2022-47519)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver. A local user can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames and execute arbitrary code with elevated privileges.


14) Out-of-bounds read (CVE-ID: CVE-2022-47520)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver. A local user can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet and perform a denial of service (DoS) attack.


15) Out-of-bounds write (CVE-ID: CVE-2022-47521)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver. A local user can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames and execute arbitrary code with elevated privileges.


16) Unchecked Return Value (CVE-ID: CVE-2022-3108)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unchecked return value within the kfd_parse_subtype_iolink() function in drivers/gpu/drm/amd/amdkfd/kfd_crat.c. A local user can crash the kernel.


Remediation

Install the update from the vendor's website.