{"schema_version":"1.7.2","id":"OESA-2022-2133","modified":"2022-12-09T11:04:41Z","published":"2022-12-09T11:04:41Z","upstream":["CVE-2022-45934","CVE-2022-41858","CVE-2022-4095"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.(CVE-2022-45934)\n\nThere are null-ptr-deref vulnerabilities in drivers/net/slip of linux that allow attacker tocrash linux kernel by simulating slip network card from user-space of linux.[Root cause]When a slip driver is detaching, the slip_close() will act tocleanup necessary resources and sl-\u003etty is set to NULL inslip_close(). Meanwhile, the packet we transmit is blocked,sl_tx_timeout() will be called. Although slip_close() andsl_tx_timeout() use sl-\u003elock to synchronize, we don`t judgewhether sl-\u0026gt; tty equals to NULL in sl_tx_timeout() and thenull pointer dereference bug will happen.(Thread 1) | (Thread 2)| slip_close()| spin_lock_bh(\u0026amp; sl-\u0026gt; lock) sl-\u0026gt; tty = NULL //(1)sl_tx_timeout() | spin_unlock_bh(\u0026amp; sl-\u0026gt;lock)spin_lock(\u0026amp; sl-\u0026gt; lock);tty_chars_in_buffer(sl-\u0026gt; tty)|if (tty-\u0026gt; ops-\u0026gt; ..) //(2)synchronize_rcu()We set NULL to sl-\u0026gt; tty in position (1) and dereference sl-\u0026gt; ttyin position (2).(CVE-2022-41858)\n\nA use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.(CVE-2022-4095)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.90-2212.1.0.0180.oe1"}]}],"ecosystem_specific":{"aarch64":["bpftool-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","kernel-tools-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","perf-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","kernel-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","kernel-debugsource-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","perf-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","bpftool-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","python2-perf-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","kernel-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","python3-perf-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","python2-perf-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","kernel-source-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","kernel-tools-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","python3-perf-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","kernel-tools-devel-4.19.90-2212.1.0.0180.oe1.aarch64.rpm","kernel-devel-4.19.90-2212.1.0.0180.oe1.aarch64.rpm"],"src":["kernel-4.19.90-2212.1.0.0180.oe1.src.rpm"],"x86_64":["python2-perf-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","kernel-tools-devel-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","kernel-devel-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","kernel-source-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","python2-perf-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","kernel-tools-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","perf-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","kernel-tools-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","kernel-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","python3-perf-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","bpftool-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","python3-perf-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","perf-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","kernel-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","bpftool-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm","kernel-debugsource-4.19.90-2212.1.0.0180.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2133"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45934"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41858"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4095"}],"database_specific":{"severity":"High"}}