{"schema_version":"1.7.2","id":"OESA-2022-1484","modified":"2022-01-07T11:03:27Z","published":"2022-01-07T11:03:27Z","upstream":["CVE-2021-43976","CVE-2021-0941","CVE-2021-45469","CVE-2021-44733","CVE-2021-39657","CVE-2021-4135","CVE-2021-28715","CVE-2021-28714","CVE-2021-28713","CVE-2021-28712","CVE-2021-28711"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nIn the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).(CVE-2021-43976)\r\n\r\nIn bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel(CVE-2021-0941)\r\n\r\nIn __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.(CVE-2021-45469)\r\n\r\nA use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.(CVE-2021-44733)\r\n\r\nIn ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel(CVE-2021-39657)\r\n\r\nA flaw memory leak in the Linux kernel s eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.(CVE-2021-4135)\r\n\r\nThere are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long. Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.(CVE-2021-28715)\r\n\r\nThe timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing.(CVE-2021-28714)\r\n\r\nRunning PV backends in driver domains has one primary security advantage, if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (CVE-2021-28713)\r\n\r\nRunning PV backends in driver domains has one primary security advantage, if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (CVE-2021-28712)\r\n\r\nRunning PV backends in driver domains has one primary security advantage, if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (CVE-2021-28711)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2201.1.0.0132.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","bpftool-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-tools-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-source-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","python3-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","python2-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2201.1.0.0132.oe1.src.rpm"],"x86_64":["kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-tools-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","python2-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-source-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","python3-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","bpftool-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2201.1.0.0132.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2201.1.0.0131.oe1"}]}],"ecosystem_specific":{"aarch64":["python3-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","bpftool-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","kernel-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","kernel-tools-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","python2-perf-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","perf-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","kernel-devel-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","python3-perf-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","kernel-source-4.19.90-2201.1.0.0131.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2201.1.0.0131.oe1.src.rpm"],"x86_64":["kernel-debugsource-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","kernel-tools-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","python3-perf-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","perf-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","kernel-source-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","python2-perf-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","bpftool-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","kernel-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","kernel-devel-4.19.90-2201.1.0.0131.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2201.1.0.0132.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","bpftool-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-tools-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-source-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","python3-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","python2-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm","kernel-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2201.1.0.0132.oe1.src.rpm"],"x86_64":["kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-tools-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","python2-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-source-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","python3-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","bpftool-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2201.1.0.0132.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43976"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-0941"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45469"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44733"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39657"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4135"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28715"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28714"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28713"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28712"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28711"}],"database_specific":{"severity":"High"}}