{"schema_version":"1.7.2","id":"OESA-2022-2026","modified":"2022-10-28T11:04:28Z","published":"2022-10-28T11:04:28Z","upstream":["CVE-2022-41849","CVE-2022-20423","CVE-2022-3524","CVE-2022-3545","CVE-2022-3565","CVE-2022-3594","CVE-2022-3564","CVE-2022-3566","CVE-2022-3542","CVE-2022-3535","CVE-2022-3521"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\ndrivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.(CVE-2022-41849)\r\n\r\nIn rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel(CVE-2022-20423)\r\n\r\nA vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.(CVE-2022-3524)\r\n\r\nA vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.(CVE-2022-3545)\r\n\r\nA vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.(CVE-2022-3565)\r\n\r\nA vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.(CVE-2022-3594)\n\nA vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.(CVE-2022-3564)\n\nA vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.(CVE-2022-3566)\n\nA vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability.(CVE-2022-3542)\n\nA vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability.(CVE-2022-3535)\n\nA vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.(CVE-2022-3521)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2210.4.0.0173.oe1"}]}],"ecosystem_specific":{"aarch64":["bpftool-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","kernel-source-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","perf-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","kernel-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","python3-perf-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","kernel-tools-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","kernel-devel-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","python2-perf-4.19.90-2210.4.0.0173.oe1.aarch64.rpm","bpftool-4.19.90-2210.4.0.0173.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2210.4.0.0173.oe1.src.rpm"],"x86_64":["kernel-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","bpftool-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","perf-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","python3-perf-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","python2-perf-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","kernel-source-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","kernel-tools-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","kernel-devel-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2210.4.0.0173.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2026"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41849"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-20423"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3524"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3545"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3565"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3594"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3564"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3566"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3542"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3535"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3521"}],"database_specific":{"severity":"High"}}