{"schema_version":"1.7.2","id":"OESA-2022-1539","modified":"2022-02-26T11:03:33Z","published":"2022-02-26T11:03:33Z","upstream":["CVE-2022-0492","CVE-2022-24448","CVE-2022-0435","CVE-2022-24959","CVE-2022-24958"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself. Security Fix(es): In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2022-0492) An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.(CVE-2022-24448) A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.(CVE-2022-0435) An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.(CVE-2022-24959) drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-\u003ebuf release.(CVE-2022-24958)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2202.3.0.0138.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-tools-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-tools-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","python2-perf-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-source-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","perf-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","bpftool-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","python3-perf-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-devel-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2202.3.0.0138.oe1.src.rpm"],"x86_64":["kernel-tools-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","bpftool-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","perf-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-devel-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","python2-perf-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","python3-perf-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-source-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2202.3.0.0137.oe1"}]}],"ecosystem_specific":{"aarch64":["python3-perf-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","kernel-tools-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","bpftool-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","kernel-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","perf-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","kernel-source-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","kernel-devel-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","python2-perf-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2202.3.0.0137.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2202.3.0.0137.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2202.3.0.0137.oe1.src.rpm"],"x86_64":["perf-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","kernel-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","python3-perf-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","kernel-tools-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","bpftool-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","kernel-devel-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","kernel-source-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2202.3.0.0137.oe1.x86_64.rpm","python2-perf-4.19.90-2202.3.0.0137.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2202.3.0.0138.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-source-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","python2-perf-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","python3-perf-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","perf-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-devel-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","bpftool-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-tools-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2202.3.0.0138.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2202.3.0.0138.oe1.src.rpm"],"x86_64":["perf-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-source-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","python3-perf-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-tools-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","bpftool-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","python2-perf-4.19.90-2202.3.0.0138.oe1.x86_64.rpm","kernel-devel-4.19.90-2202.3.0.0138.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1539"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0492"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24448"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0435"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24959"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24958"}],"database_specific":{"severity":"High"}}