OESA-2022-2015

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2015
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-2015.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2022-2015
Upstream
Published
2022-10-21T11:04:27Z
Modified
2025-09-03T06:17:54.045690Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

A use-after-free flaw was found in fs/ext4/namei.c:dxinsertblock() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.(CVE-2022-1184)

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTLDSPSYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition(CVE-2022-3303)

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufxopsopen and ufxusbdisconnect.(CVE-2022-41849)

In binderincreffornode of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel(CVE-2022-20421)

In emulationprochandler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel(CVE-2022-20422)

A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fibnhmatch of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.(CVE-2022-3435)

An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211bssinfo_update function in net/mac80211/scan.c.(CVE-2022-41674)

roccatreportevent in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.(CVE-2022-41850)

mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.(CVE-2022-42703)

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.(CVE-2022-42719)

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.(CVE-2022-42720)

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.(CVE-2022-42721)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:22.03-LTS / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.0-60.61.0.88.oe2203

Ecosystem specific

{
    "x86_64": [
        "kernel-tools-devel-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "kernel-debugsource-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "kernel-source-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "kernel-tools-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "kernel-headers-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "bpftool-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "kernel-devel-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "kernel-tools-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "kernel-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "perf-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "bpftool-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "kernel-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "python3-perf-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "python3-perf-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm",
        "perf-debuginfo-5.10.0-60.61.0.88.oe2203.x86_64.rpm"
    ],
    "src": [
        "kernel-5.10.0-60.61.0.88.oe2203.src.rpm"
    ],
    "aarch64": [
        "kernel-debugsource-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "kernel-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "kernel-tools-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "bpftool-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "kernel-source-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "perf-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "bpftool-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "perf-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "kernel-devel-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "kernel-headers-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "python3-perf-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "python3-perf-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "kernel-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "kernel-tools-devel-5.10.0-60.61.0.88.oe2203.aarch64.rpm",
        "kernel-tools-debuginfo-5.10.0-60.61.0.88.oe2203.aarch64.rpm"
    ]
}