OESA-2022-2025
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2025
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-2025.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2022-2025
- Upstream
- Published
- 2022-10-28T11:04:28Z
- Modified
- 2025-08-12T05:11:53.148531Z
- Summary
- kernel security update
- Details
-
The Linux Kernel, the operating system core itself.
Security Fix(es):
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufxopsopen and ufxusbdisconnect.(CVE-2022-41849)
In rndissetresponse of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel(CVE-2022-20423)
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6renewoptions of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.(CVE-2022-3524)
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function areacacheget of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.(CVE-2022-3545)
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function deltimer of the file drivers/isdn/mISDN/l1oipcore.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.(CVE-2022-3565)
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.(CVE-2022-3594)
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2capreassemblesdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.(CVE-2022-3564)
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability.(CVE-2022-3566)
A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2xtpastop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability.(CVE-2022-3542)
A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2dbgfsportinit of the file drivers/net/ethernet/marvell/mvpp2/mvpp2debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability.(CVE-2022-3535)
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcmtxwork of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.(CVE-2022-3521)
- Database specific
{ "severity": "High" }- References
-
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2025
- https://nvd.nist.gov/vuln/detail/CVE-2022-41849
- https://nvd.nist.gov/vuln/detail/CVE-2022-20423
- https://nvd.nist.gov/vuln/detail/CVE-2022-3524
- https://nvd.nist.gov/vuln/detail/CVE-2022-3545
- https://nvd.nist.gov/vuln/detail/CVE-2022-3565
- https://nvd.nist.gov/vuln/detail/CVE-2022-3594
- https://nvd.nist.gov/vuln/detail/CVE-2022-3564
- https://nvd.nist.gov/vuln/detail/CVE-2022-3566
- https://nvd.nist.gov/vuln/detail/CVE-2022-3542
- https://nvd.nist.gov/vuln/detail/CVE-2022-3535
- https://nvd.nist.gov/vuln/detail/CVE-2022-3521
Affected packages
openEuler:20.03-LTS-SP1 / kernel
Package
- Name
- kernel
- Purl
- pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.19.90-2210.4.0.0173.oe1
Ecosystem specific
{
"src": [
"kernel-4.19.90-2210.4.0.0173.oe1.src.rpm"
],
"x86_64": [
"kernel-tools-devel-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"python2-perf-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"bpftool-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"python3-perf-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"kernel-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"bpftool-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"python2-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"perf-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"kernel-devel-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"python3-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"kernel-tools-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"kernel-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"perf-debuginfo-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"kernel-source-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"kernel-debugsource-4.19.90-2210.4.0.0173.oe1.x86_64.rpm",
"kernel-tools-4.19.90-2210.4.0.0173.oe1.x86_64.rpm"
],
"aarch64": [
"kernel-tools-devel-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"kernel-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"kernel-tools-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"python3-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"kernel-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"bpftool-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"python2-perf-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"kernel-devel-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"kernel-tools-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"kernel-debugsource-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"bpftool-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"python3-perf-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"perf-debuginfo-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"python2-perf-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"kernel-source-4.19.90-2210.4.0.0173.oe1.aarch64.rpm",
"perf-4.19.90-2210.4.0.0173.oe1.aarch64.rpm"
]
}