{"schema_version":"1.7.2","id":"OESA-2022-1985","modified":"2022-10-14T11:04:24Z","published":"2022-10-14T11:04:24Z","upstream":["CVE-2022-1184","CVE-2022-39842","CVE-2022-3303","CVE-2022-2663"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.(CVE-2022-1184)\n\nAn issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.(CVE-2022-39842)\n\nA race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition(CVE-2022-3303)\n\nAn issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.(CVE-2022-2663)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2210.1.0.0171.oe1"}]}],"ecosystem_specific":{"aarch64":["perf-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","kernel-devel-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","kernel-source-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","bpftool-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","kernel-tools-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","python3-perf-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","kernel-4.19.90-2210.1.0.0171.oe1.aarch64.rpm","python2-perf-4.19.90-2210.1.0.0171.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2210.1.0.0171.oe1.src.rpm"],"x86_64":["bpftool-debuginfo-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","kernel-tools-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","python2-perf-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","python3-perf-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","kernel-devel-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","kernel-source-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","bpftool-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","kernel-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2210.1.0.0171.oe1.x86_64.rpm","perf-4.19.90-2210.1.0.0171.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1985"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1184"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39842"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3303"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2663"}],"database_specific":{"severity":"Medium"}}