{"schema_version":"1.7.2","id":"OESA-2023-1038","modified":"2023-01-20T11:04:48Z","published":"2023-01-20T11:04:48Z","upstream":["CVE-2022-3424","CVE-2022-4662","CVE-2022-47946","CVE-2022-4842"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-3424)\r\n\r\nA flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.(CVE-2022-4662)\r\n\r\nAn issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.(CVE-2022-47946)\n\nA flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. 
A local user could use this flaw to crash the system.(CVE-2022-4842)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS","name":"kernel","purl":"pkg:rpm/openEuler/kernel\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-60.78.0.102.oe2203"}]}],"ecosystem_specific":{"aarch64":["kernel-tools-devel-5.10.0-60.78.0.102.oe2203.aarch64.rpm","kernel-tools-debuginfo-5.10.0-60.78.0.102.oe2203.aarch64.rpm","perf-5.10.0-60.78.0.102.oe2203.aarch64.rpm","kernel-devel-5.10.0-60.78.0.102.oe2203.aarch64.rpm","kernel-tools-5.10.0-60.78.0.102.oe2203.aarch64.rpm","kernel-debugsource-5.10.0-60.78.0.102.oe2203.aarch64.rpm","bpftool-5.10.0-60.78.0.102.oe2203.aarch64.rpm","perf-debuginfo-5.10.0-60.78.0.102.oe2203.aarch64.rpm","kernel-debuginfo-5.10.0-60.78.0.102.oe2203.aarch64.rpm","python3-perf-debuginfo-5.10.0-60.78.0.102.oe2203.aarch64.rpm","python3-perf-5.10.0-60.78.0.102.oe2203.aarch64.rpm","bpftool-debuginfo-5.10.0-60.78.0.102.oe2203.aarch64.rpm","kernel-source-5.10.0-60.78.0.102.oe2203.aarch64.rpm","kernel-5.10.0-60.78.0.102.oe2203.aarch64.rpm","kernel-headers-5.10.0-60.78.0.102.oe2203.aarch64.rpm"],"src":["kernel-5.10.0-60.78.0.102.oe2203.src.rpm"],"x86_64":["perf-debuginfo-5.10.0-60.78.0.102.oe2203.x86_64.rpm","kernel-headers-5.10.0-60.78.0.102.oe2203.x86_64.rpm","bpftool-debuginfo-5.10.0-60.78.0.102.oe2203.x86_64.rpm","kernel-devel-5.10.0-60.78.0.102.oe2203.x86_64.rpm","kernel-tools-devel-5.10.0-60.78.0.102.oe2203.x86_64.rpm","kernel-tools-5.10.0-60.78.0.102.oe2203.x86_64.rpm","perf-5.10.0-60.78.0.102.oe2203.x86_64.rpm","kernel-tools-debuginfo-5.10.0-60.78.0.102.oe2203.x86_64.rpm","kernel-5.10.0-60.78.0.102.oe2203.x86_64.rpm","kernel-debugsource-5.10.0-60.78.0.102.oe2203.x86_64.rpm","kernel-source-5.10.0-60.78.0.102.oe2203.x86_64.rpm","bpftool-5.10.0-60.78.0.102.oe2203.x86_64.rpm","python3-perf-debuginfo-5.10.0-60.78.0.102.oe2203.x86_64.rpm","kernel-debuginfo-5.10.0-60.78.0.102.oe2203.x86_64.rpm","python3-perf-5.1
0.0-60.78.0.102.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1038"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3424"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4662"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47946"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4842"}],"database_specific":{"severity":"High"}}