{"schema_version":"1.7.2","id":"OESA-2023-1012","modified":"2023-01-06T11:04:46Z","published":"2023-01-06T11:04:46Z","upstream":["CVE-2022-47938","CVE-2022-47941","CVE-2022-47939"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.(CVE-2022-47938)\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.(CVE-2022-47941)\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.(CVE-2022-47939)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-60.74.0.98.oe2203"}]}],"ecosystem_specific":{"aarch64":["kernel-5.10.0-60.74.0.98.oe2203.aarch64.rpm","kernel-headers-5.10.0-60.74.0.98.oe2203.aarch64.rpm","kernel-tools-devel-5.10.0-60.74.0.98.oe2203.aarch64.rpm","bpftool-debuginfo-5.10.0-60.74.0.98.oe2203.aarch64.rpm","kernel-debuginfo-5.10.0-60.74.0.98.oe2203.aarch64.rpm","python3-perf-5.10.0-60.74.0.98.oe2203.aarch64.rpm","kernel-source-5.10.0-60.74.0.98.oe2203.aarch64.rpm","bpftool-5.10.0-60.74.0.98.oe2203.aarch64.rpm","kernel-devel-5.10.0-60.74.0.98.oe2203.aarch64.rpm","python3-perf-debuginfo-5.10.0-60.74.0.98.oe2203.aarch64.rpm","perf-debuginfo-5.10.0-60.74.0.98.oe2203.aarch64.rpm","kernel-debugsource-5.10.0-60.74.0.98.oe2203.aarch64.rpm","kernel-tools-debuginfo-5.10.0-60.74.0.98.oe2203.aarch64.rpm","kernel-tools-5.10.0-60.74.0.98.oe2203.aarch64.rpm","perf-5.10.0-60.74.0.98.oe2203.aarch64.rpm"],"src":["kernel-5.10.0-60.74.0.98.oe2203.src.rpm"],"x86_64":["bpftool-debuginfo-5.10.0-60.74.0.98.oe2203.x86_64.rpm","python3-perf-debuginfo-5.10.0-60.74.0.98.oe2203.x86_64.rpm","python3-perf-5.10.0-60.74.0.98.oe2203.x86_64.rpm","bpftool-5.10.0-60.74.0.98.oe2203.x86_64.rpm","kernel-tools-debuginfo-5.10.0-60.74.0.98.oe2203.x86_64.rpm","perf-debuginfo-5.10.0-60.74.0.98.oe2203.x86_64.rpm","kernel-5.10.0-60.74.0.98.oe2203.x86_64.rpm","kernel-devel-5.10.0-60.74.0.98.oe2203.x86_64.rpm","kernel-headers-5.10.0-60.74.0.98.oe2203.x86_64.rpm","perf-5.10.0-60.74.0.98.oe2203.x86_64.rpm","kernel-tools-devel-5.10.0-60.74.0.98.oe2203.x86_64.rpm","kernel-debugsource-5.10.0-60.74.0.98.oe2203.x86_64.rpm","kernel-source-5.10.0-60.74.0.98.oe2203.x86_64.rpm","kernel-debuginfo-5.10.0-60.74.0.98.oe2203.x86_64.rpm","kernel-tools-5.10.0-60.74.0.98.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1012"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47938"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47941"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47939"}],"database_specific":{"severity":"Critical"}}