{"schema_version":"1.7.2","id":"OESA-2022-1926","modified":"2022-09-16T11:04:18Z","published":"2022-09-16T11:04:18Z","upstream":["CVE-2022-2991","CVE-2020-27784","CVE-2022-39189","CVE-2022-3061","CVE-2022-2663","CVE-2022-39842","CVE-2022-39188"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap-based buffer overflow was found in the Linux kernel s LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.(CVE-2022-2991)\n\nA vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().(CVE-2020-27784)\n\nAn issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.(CVE-2022-39189)\n\nFound Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn t check the value of pixclock , so it may cause a divide by zero error.(CVE-2022-3061)\n\nAn issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.(CVE-2022-2663)\n\nAn issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.(CVE-2022-39842)\n\nAn issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.(CVE-2022-39188)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2209.4.0.0168.oe1"}]}],"ecosystem_specific":{"aarch64":["kernel-devel-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","bpftool-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","kernel-source-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","kernel-tools-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","python3-perf-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","perf-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","python2-perf-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","kernel-4.19.90-2209.4.0.0168.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2209.4.0.0168.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2209.4.0.0168.oe1.src.rpm"],"x86_64":["kernel-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","kernel-devel-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","kernel-source-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","bpftool-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","python3-perf-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","kernel-tools-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","perf-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","python2-perf-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2209.4.0.0168.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2209.4.0.0168.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1926"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2991"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27784"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39189"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3061"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2663"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39842"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39188"}],"database_specific":{"severity":"High"}}