{"id":"OESA-2023-1036","summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.(CVE-2022-2873)\r\n\r\nAn incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.(CVE-2022-3903)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().(CVE-2022-3108)\r\n\r\nAn issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.(CVE-2022-3114)\r\n\r\nA regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a(CVE-2022-2196)\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.(CVE-2022-47942)\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.(CVE-2022-47940)\r\n\r\nAn issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.(CVE-2022-47943)","modified":"2026-03-11T06:31:09.703190Z","published":"2023-01-13T11:04:48Z","upstream":["CVE-2022-2196","CVE-2022-2873","CVE-2022-3108","CVE-2022-3114","CVE-2022-3903","CVE-2022-47940","CVE-2022-47942","CVE-2022-47943"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1036"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2873"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3903"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3108"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3114"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2196"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47942"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47940"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47943"}],"affected":[{"package":{"name":"kernel","ecosystem":"openEuler:22.03-LTS-SP1","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-136.14.2.90.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["perf-debuginfo-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","bpftool-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","kernel-debuginfo-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","bpftool-debuginfo-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","kernel-debugsource-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","kernel-source-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","python3-perf-debuginfo-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","python3-perf-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","kernel-tools-debuginfo-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","kernel-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","perf-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","kernel-tools-devel-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","kernel-headers-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","kernel-devel-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm","kernel-tools-5.10.0-136.14.2.90.oe2203sp1.aarch64.rpm"],"src":["kernel-5.10.0-136.14.2.90.oe2203sp1.src.rpm"],"x86_64":["bpftool-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","kernel-tools-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","perf-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","kernel-tools-devel-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","kernel-tools-debuginfo-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","bpftool-debuginfo-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","perf-debuginfo-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","kernel-source-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","kernel-devel-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","kernel-debugsource-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","python3-perf-debuginfo-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","kernel-debuginfo-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","python3-perf-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","kernel-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm","kernel-headers-5.10.0-136.14.2.90.oe2203sp1.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2023-1036.json"}}],"schema_version":"1.7.5"}