OESA-2022-2147

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2147
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-2147.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-2147
Upstream
Published
2022-12-24T11:04:42Z
Modified
2025-08-12T05:11:57.135449Z
Summary
kernel security update
Details

The Linux Kernel, the operating system core itself.

Security Fix(es):

In l2capchanput of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel(CVE-2022-20566)

An issue was discovered in the Linux kernel through 5.16-rc6. netvscgetethtoolstats in drivers/net/hyperv/netvscdrv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.(CVE-2022-3107)

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.(CVE-2022-3643)

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.(CVE-2022-3903)

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).(CVE-2022-42329)

Database specific 
{
    "severity": "Critical"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.19.90-2212.3.0.0182.oe1

Ecosystem specific 

{
    "aarch64": [
        "kernel-debugsource-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "python3-perf-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "bpftool-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "perf-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "bpftool-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-devel-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "kernel-tools-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "python2-perf-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-debugsource-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "perf-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "perf-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "bpftool-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm"
    ],
    "src": [
        "kernel-4.19.90-2212.3.0.0182.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / kernel

Package

Name
kernel
Purl
pkg:rpm/openEuler/kernel&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.19.90-2212.3.0.0182.oe1

Ecosystem specific 

{
    "aarch64": [
        "bpftool-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "bpftool-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-tools-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-devel-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "python2-perf-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "perf-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "python2-perf-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "perf-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "python3-perf-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-tools-debuginfo-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-debugsource-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-tools-devel-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "python3-perf-4.19.90-2212.3.0.0182.oe1.aarch64.rpm",
        "kernel-source-4.19.90-2212.3.0.0182.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "bpftool-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "python2-perf-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-devel-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "python2-perf-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "python3-perf-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "perf-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "python3-perf-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-tools-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "perf-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "bpftool-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-tools-debuginfo-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-tools-devel-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-source-4.19.90-2212.3.0.0182.oe1.x86_64.rpm",
        "kernel-debugsource-4.19.90-2212.3.0.0182.oe1.x86_64.rpm"
    ],
    "src": [
        "kernel-4.19.90-2212.3.0.0182.oe1.src.rpm"
    ]
}