An update for kernel is now available for openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-2134 Final 1.0 1.0 2022-12-09 Initial 2022-12-09 2022-12-09 openEuler SA Tool V1.0 2022-12-09 kernel security update An update for kernel is now available for openEuler-20.03-LTS-SP3. The Linux Kernel, the operating system core itself. Security Fix(es): An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.(CVE-2022-45934) There are null-ptr-deref vulnerabilities in drivers/net/slip of linux that allow attacker tocrash linux kernel by simulating slip network card from user-space of linux.[Root cause]When a slip driver is detaching, the slip_close() will act tocleanup necessary resources and sl->tty is set to NULL inslip_close(). Meanwhile, the packet we transmit is blocked,sl_tx_timeout() will be called. Although slip_close() andsl_tx_timeout() use sl->lock to synchronize, we don`t judgewhether sl-> tty equals to NULL in sl_tx_timeout() and thenull pointer dereference bug will happen.(Thread 1) | (Thread 2)| slip_close()| spin_lock_bh(& sl-> lock) sl-> tty = NULL //(1)sl_tx_timeout() | spin_unlock_bh(& sl->lock)spin_lock(& sl-> lock);tty_chars_in_buffer(sl-> tty)|if (tty-> ops-> ..) //(2)synchronize_rcu()We set NULL to sl-> tty in position (1) and dereference sl-> ttyin position (2).(CVE-2022-41858) A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.(CVE-2022-4095) An update for kernel is now available for openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kernel https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2134 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-45934 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-41858 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-4095 https://nvd.nist.gov/vuln/detail/CVE-2022-45934 https://nvd.nist.gov/vuln/detail/CVE-2022-41858 https://nvd.nist.gov/vuln/detail/CVE-2022-4095 openEuler-20.03-LTS-SP3 perf-4.19.90-2212.1.0.0180.oe1.aarch64.rpm kernel-devel-4.19.90-2212.1.0.0180.oe1.aarch64.rpm kernel-tools-4.19.90-2212.1.0.0180.oe1.aarch64.rpm kernel-4.19.90-2212.1.0.0180.oe1.aarch64.rpm python2-perf-4.19.90-2212.1.0.0180.oe1.aarch64.rpm python3-perf-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm kernel-debugsource-4.19.90-2212.1.0.0180.oe1.aarch64.rpm python2-perf-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm bpftool-4.19.90-2212.1.0.0180.oe1.aarch64.rpm perf-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm kernel-tools-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm bpftool-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm kernel-debuginfo-4.19.90-2212.1.0.0180.oe1.aarch64.rpm kernel-tools-devel-4.19.90-2212.1.0.0180.oe1.aarch64.rpm python3-perf-4.19.90-2212.1.0.0180.oe1.aarch64.rpm kernel-source-4.19.90-2212.1.0.0180.oe1.aarch64.rpm kernel-4.19.90-2212.1.0.0180.oe1.src.rpm python2-perf-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm kernel-4.19.90-2212.1.0.0180.oe1.x86_64.rpm bpftool-4.19.90-2212.1.0.0180.oe1.x86_64.rpm bpftool-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm kernel-debugsource-4.19.90-2212.1.0.0180.oe1.x86_64.rpm perf-4.19.90-2212.1.0.0180.oe1.x86_64.rpm python3-perf-4.19.90-2212.1.0.0180.oe1.x86_64.rpm kernel-tools-4.19.90-2212.1.0.0180.oe1.x86_64.rpm perf-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm kernel-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm kernel-source-4.19.90-2212.1.0.0180.oe1.x86_64.rpm kernel-tools-devel-4.19.90-2212.1.0.0180.oe1.x86_64.rpm python2-perf-4.19.90-2212.1.0.0180.oe1.x86_64.rpm kernel-devel-4.19.90-2212.1.0.0180.oe1.x86_64.rpm kernel-tools-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm python3-perf-debuginfo-4.19.90-2212.1.0.0180.oe1.x86_64.rpm An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. 2022-12-09 CVE-2022-45934 openEuler-20.03-LTS-SP3 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H kernel security update 2022-12-09 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2134 There are null-ptr-deref vulnerabilities in drivers/net/slip of linux that allow attacker tocrash linux kernel by simulating slip network card from user-space of linux.[Root cause]When a slip driver is detaching, the slip_close() will act tocleanup necessary resources and sl->tty is set to NULL inslip_close(). Meanwhile, the packet we transmit is blocked,sl_tx_timeout() will be called. Although slip_close() andsl_tx_timeout() use sl->lock to synchronize, we don`t judgewhether sl-> tty equals to NULL in sl_tx_timeout() and thenull pointer dereference bug will happen.(Thread 1) | (Thread 2)| slip_close()| spin_lock_bh(& sl-> lock) sl-> tty = NULL //(1)sl_tx_timeout() | spin_unlock_bh(& sl->lock)spin_lock(& sl-> lock);tty_chars_in_buffer(sl-> tty)|if (tty-> ops-> ..) //(2)synchronize_rcu()We set NULL to sl-> tty in position (1) and dereference sl-> ttyin position (2). 2022-12-09 CVE-2022-41858 openEuler-20.03-LTS-SP3 Medium 4.7 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H kernel security update 2022-12-09 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2134 A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. 2022-12-09 CVE-2022-4095 openEuler-20.03-LTS-SP3 Medium 6.3 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H kernel security update 2022-12-09 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2134