An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1484
Final
1.0
1.0
2022-01-07
Initial
2022-01-07
2022-01-07
openEuler SA Tool V1.0
2022-01-07
kernel security update
An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
The Linux Kernel, the operating system core itself.
Security Fix(es):
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).(CVE-2021-43976)
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel(CVE-2021-0941)
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.(CVE-2021-45469)
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.(CVE-2021-44733)
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel(CVE-2021-39657)
A flaw memory leak in the Linux kernel s eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.(CVE-2021-4135)
There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long. Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.(CVE-2021-28715)
The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing.(CVE-2021-28714)
Running PV backends in driver domains has one primary security advantage, if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (CVE-2021-28713)
Running PV backends in driver domains has one primary security advantage, if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (CVE-2021-28712)
Running PV backends in driver domains has one primary security advantage, if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (CVE-2021-28711)
An update for kernel is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
kernel
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43976
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-0941
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-45469
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-44733
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-39657
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-4135
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-28715
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-28714
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-28713
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-28712
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-28711
https://nvd.nist.gov/vuln/detail/CVE-2021-43976
https://nvd.nist.gov/vuln/detail/CVE-2021-0941
https://nvd.nist.gov/vuln/detail/CVE-2021-45469
https://nvd.nist.gov/vuln/detail/CVE-2021-44733
https://nvd.nist.gov/vuln/detail/CVE-2021-39657
https://nvd.nist.gov/vuln/detail/CVE-2021-4135
https://nvd.nist.gov/vuln/detail/CVE-2021-28715
https://nvd.nist.gov/vuln/detail/CVE-2021-28714
https://nvd.nist.gov/vuln/detail/CVE-2021-28713
https://nvd.nist.gov/vuln/detail/CVE-2021-28712
https://nvd.nist.gov/vuln/detail/CVE-2021-28711
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
kernel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
bpftool-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-tools-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-source-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-debugsource-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
python3-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
python2-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
bpftool-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
kernel-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
kernel-tools-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
python2-perf-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
perf-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
kernel-devel-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
python3-perf-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
kernel-debugsource-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
kernel-source-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.aarch64.rpm
kernel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
bpftool-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-tools-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
perf-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-source-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-debugsource-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
python3-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
python2-perf-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-devel-4.19.90-2201.1.0.0132.oe1.aarch64.rpm
kernel-4.19.90-2201.1.0.0132.oe1.src.rpm
kernel-4.19.90-2201.1.0.0131.oe1.src.rpm
kernel-4.19.90-2201.1.0.0132.oe1.src.rpm
kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-tools-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
python2-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-source-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
python3-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
bpftool-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
kernel-tools-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
python3-perf-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
kernel-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
bpftool-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
perf-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
kernel-source-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
python2-perf-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
bpftool-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
kernel-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
kernel-devel-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2201.1.0.0131.oe1.x86_64.rpm
kernel-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-tools-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
python2-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
bpftool-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-source-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
python3-perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
python3-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
bpftool-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
python2-perf-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-tools-debuginfo-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
perf-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-tools-devel-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
kernel-debugsource-4.19.90-2201.1.0.0132.oe1.x86_64.rpm
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
2022-01-07
CVE-2021-43976
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Low
2.4
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel
2022-01-07
CVE-2021-0941
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.
2022-01-07
CVE-2021-45469
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
8.4
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
2022-01-07
CVE-2021-44733
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
7.0
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel
2022-01-07
CVE-2021-39657
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
4.4
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
A flaw memory leak in the Linux kernel s eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.
2022-01-07
CVE-2021-4135
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
5.1
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long. Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time
2022-01-07
CVE-2021-28715
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing.
2022-01-07
CVE-2021-28714
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
Running PV backends in driver domains has one primary security advantage,if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time.
2022-01-07
CVE-2021-28713
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
6.2
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
Running PV backends in driver domains has one primary security advantage, if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time.
2022-01-07
CVE-2021-28712
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
6.2
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484
Running PV backends in driver domains has one primary security advantage,if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time.
2022-01-07
CVE-2021-28711
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
Medium
6.2
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
kernel security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1484