OESA-2022-1484

In the Linux kernel through 5.15.2, mwifiexusbrecv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skboverpanic).(CVE-2021-43976)

In bpfskbchange_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel(CVE-2021-0941)

In _f2fssetxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.(CVE-2021-45469)

A use-after-free exists in drivers/tee/teeshm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in teeshmgetfrom_id during an attempt to free a shared memory object.(CVE-2021-44733)

In ufshcdehdeviceresethandler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel(CVE-2021-39657)

A flaw memory leak in the Linux kernel s eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsimmapalloc_elem being called. A local user could use this flaw to get unauthorized access to some data.(CVE-2021-4135)

There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long. Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.(CVE-2021-28715)

The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing.(CVE-2021-28714)

Running PV backends in driver domains has one primary security advantage, if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (CVE-2021-28713)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / kernel

Package

Name: kernel
Purl: pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.90-2201.1.0.0132.oe1

Ecosystem specific

{
    "src": [
        "kernel-4.19.90-2201.1.0.0132.oe1.src.rpm"
    ],
    "x86_64": [
        "kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "python2-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "bpftool-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-debugsource-4.19.90-2201.1.0.0132.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "kernel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "bpftool-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-debugsource-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "python3-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / kernel

Package

Name: kernel
Purl: pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.90-2201.1.0.0131.oe1

Ecosystem specific

{
    "src": [
        "kernel-4.19.90-2201.1.0.0131.oe1.src.rpm"
    ],
    "x86_64": [
        "kernel-debugsource-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "perf-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "python2-perf-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "bpftool-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "kernel-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2201.1.0.0131.oe1.x86_64.rpm",
        "perf-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "python3-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "bpftool-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "kernel-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "perf-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "kernel-devel-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "python3-perf-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "kernel-debugsource-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2201.1.0.0131.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / kernel

Package

Name: kernel
Purl: pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.90-2201.1.0.0132.oe1

Ecosystem specific

{
    "src": [
        "kernel-4.19.90-2201.1.0.0132.oe1.src.rpm"
    ],
    "x86_64": [
        "kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "python2-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "bpftool-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm",
        "kernel-debugsource-4.19.90-2201.1.0.0132.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "kernel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "bpftool-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-debugsource-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "python3-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm",
        "kernel-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm"
    ]
}