{"schema_version":"1.7.2","id":"OESA-2022-1559","modified":"2022-03-07T11:03:36Z","published":"2022-03-07T11:03:36Z","upstream":["CVE-2021-4159","CVE-2022-25258","CVE-2022-25375","CVE-2022-0617"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code into the kernel can use this to leak internal kernel memory details, defeating some of the exploit mitigations in place for the kernel. (CVE-2021-4159)\r\n\r\nAn issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. (CVE-2022-25258)\r\n\r\nAn issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. (CVE-2022-25375)\r\n\r\nA NULL pointer dereference flaw was found in the Linux kernel's UDF file system functionality in the way a user triggers the udf_file_write_iter function for a malicious UDF image. A local user could use this flaw to crash the system. 
Present from Linux kernel 4.2-rc1 until 5.17-rc2. (CVE-2022-0617)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2203.1.0.0139.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","python3-perf-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-source-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","python2-perf-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","bpftool-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-devel-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-tools-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","perf-4.19.90-2203.1.0.0139.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2203.1.0.0139.oe1.src.rpm"],"x86_64":["kernel-devel-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-source-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","bpftool-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","python2-perf-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","python3-perf-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","perf-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-tools-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-tools-deb
uginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2203.1.0.0138.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-debuginfo-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","kernel-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","kernel-source-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","python3-perf-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","bpftool-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","kernel-devel-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","python2-perf-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","kernel-tools-4.19.90-2203.1.0.0138.oe1.aarch64.rpm","perf-4.19.90-2203.1.0.0138.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2203.1.0.0138.oe1.src.rpm"],"x86_64":["kernel-devel-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","python3-perf-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","python2-perf-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","perf-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","kernel-source-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","bpftool-4.19.90-2203.
1.0.0138.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","kernel-4.19.90-2203.1.0.0138.oe1.x86_64.rpm","kernel-tools-4.19.90-2203.1.0.0138.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2203.1.0.0139.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-tools-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-source-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-devel-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","python3-perf-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","perf-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","bpftool-4.19.90-2203.1.0.0139.oe1.aarch64.rpm","python2-perf-4.19.90-2203.1.0.0139.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2203.1.0.0139.oe1.src.rpm"],"x86_64":["bpftool-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","perf-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","python2-perf-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-tools-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kern
el-devel-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","python3-perf-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-source-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2203.1.0.0139.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1559"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4159"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25258"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25375"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0617"}],"database_specific":{"severity":"Medium"}}