In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201308542

_Published February 22, 2022_

This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 12L. Android 12L devices with a security patch level of 2022-03-01 or later are protected against these issues (Android 12L, as released on AOSP, will have a default security patch level of 2022-03-01). To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues prior to publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository as part of the Android 12L release.

The severity assessment of issues in these release notes are based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

We have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Announcements**

*   The issues described in this document are addressed as part of Android 12L. This information is provided for reference and transparency.
*   We would like to acknowledge and thank the security research community for their continued contributions towards securing the Android ecosystem.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**Android 12L vulnerability details**

The sections below provide details for security vulnerabilities fixed as part of Android 12L. Vulnerabilities are grouped under the component that they affect and include details such as the CVE, associated references, type of vulnerability, and severity.

**Framework**

   

CVE

References

Type

Severity

CVE-2021-39749

A-205996115

EoP

High

CVE-2021-39743

A-201534884

EoP

Moderate

CVE-2021-39746

A-194696395

EoP

Moderate

CVE-2021-39750

A-206474016

EoP

Moderate

CVE-2021-39752

A-202756848

EoP

Moderate

CVE-2021-39758

A-205130886

EoP

Moderate

CVE-2022-20002

A-198657657

EoP

Moderate

CVE-2021-39744

A-192369136

ID

Moderate

CVE-2021-39745

A-206127671

ID

Moderate

CVE-2021-39747

A-208268457

ID

Moderate

CVE-2021-39748

A-203777141

ID

Moderate

CVE-2021-39751

A-172838801

ID

Moderate

CVE-2021-39753

A-200035185

ID

Moderate

CVE-2021-39755

A-204995407

ID

Moderate

CVE-2021-39756

A-184354287

ID

Moderate

CVE-2021-39757

A-176094662

ID

Moderate

CVE-2021-39754

A-207133709

ID

Moderate

**Media Framework**

   

CVE

References

Type

Severity

CVE-2021-39759

A-180200830

EoP

Moderate

CVE-2021-39760

A-194110526

ID

Moderate

CVE-2021-39761

A-179783181

ID

Moderate

CVE-2021-39762

A-210625816

ID

Moderate

**Platform**

   

CVE

References

Type

Severity

CVE-2021-39741

A-173567719

EoP

Moderate

CVE-2021-39763

A-199176115

EoP

Moderate

CVE-2021-39764

A-170642995

EoP

Moderate

CVE-2021-39767

A-201308542

EoP

Moderate

CVE-2021-39768

A-202017876

EoP

Moderate

CVE-2021-39771

A-198661951

EoP

Moderate

CVE-2021-25393

A-180518134

ID

Moderate

CVE-2021-39739

A-184525194

ID

Moderate

CVE-2021-39740

A-209965112

ID

Moderate

CVE-2021-39742

A-186405602

ID

Moderate

CVE-2021-39765

A-201535427

ID

Moderate

CVE-2021-39766

A-198296421

ID

Moderate

CVE-2021-39769

A-193663287

ID

Moderate

CVE-2021-39770

A-193033501

ID

Moderate

**System**

   

CVE

References

Type

Severity

CVE-2021-39776

A-192614125

EoP

High

CVE-2021-39787

A-202506934

EoP

High

CVE-2021-39772

A-181962322

EoP

Moderate

CVE-2021-39780

A-204992293

EoP

Moderate

CVE-2021-39781

A-195311502

EoP

Moderate

CVE-2021-39782

A-202760015

EoP

Moderate

CVE-2021-39783

A-197960597

EoP

Moderate

CVE-2021-39784

A-200163477

EoP

Moderate

CVE-2021-39786

A-192551247

EoP

Moderate

CVE-2021-39789

A-203880906

EoP

Moderate

CVE-2021-39790

A-186405146

EoP

Moderate

CVE-2021-39773

A-191276656

ID

Moderate

CVE-2021-39775

A-206465854

ID

Moderate

CVE-2021-39777

A-194743207

ID

Moderate

CVE-2021-39778

A-196406138

ID

Moderate

CVE-2021-39779

A-190400974

ID

Moderate

CVE-2021-39788

A-191768014

ID

Moderate

CVE-2021-39791

A-194112606

ID

Moderate

CVE-2021-39774

A-205989472

DoS

Moderate

**Additional Vulnerability details**

The section below provides details for security vulnerabilities that are being provided for disclosure purposes. **These issues are not required for SPL compliance.**

**Android TV**

   

CVE

References

Type

Severity

CVE-2021-1000

A-185190688

EoP

Moderate

CVE-2021-1033

A-185247656

EoP

Moderate

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

Android 12L, as released on AOSP, has a default security patch level of 2022-03-01. Android devices running Android 12L and with a security patch level of 2022-03-01 or later address all issues contained in these security release notes.

**2\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**3\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

**Versions**

  

Version

Date

Notes

1.0

February 22, 2022

Security Release Notes Published

CVE-2021-39767: Android 12L Security Release Notes  |  Android Open Source Project

In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657

CVE-2022-20002: Android 12L Security Release Notes  |  Android Open Source Project

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

**Note:** If your use of the APIs is failing with an error titled 'API access must use the Authorization header' then you need to read the API Authentication changes announcement

*   
*   
*   
*   
*   
*   

**Bug 1941001** (CVE-2021-3456) - CVE-2021-3456 smart\_proxy\_salt: unauthorized users can execute actions that should be reserved for foreman

Summary: CVE-2021-3456 smart\_proxy\_salt: unauthorized users can execute actions that s...

Keywords:

Status:

CLOSED NOTABUG

Alias:

CVE-2021-3456

Product:

Security Response

Classification:

Other

Component:

vulnerability

Sub Component:

Version:

unspecified

Hardware:

All

OS:

Linux

Priority:

medium

Severity:

medium

Target Milestone:

\---

Assignee:

Red Hat Product Security

QA Contact:

Docs Contact:

URL:

Whiteboard:

Depends On:

Blocks:

1940999 1941481

TreeView+

depends on / blocked

Reported:

2021-03-19 18:01 UTC by Yadnyawalk Tale

Modified:

2021-12-14 18:47 UTC (History)

CC List:

13 users (show)

Fixed In Version:

Doc Type:

\---

Doc Text:

An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.

Clone Of:

Environment:

Last Closed:

2021-03-30 11:35:14 UTC

  

Attachments

(Terms of Use)

Add an attachment (proposed patch, testcase, etc.)

  

Description Yadnyawalk Tale 2021-03-19 18:01:56 UTC

On Foreman, Salt plugin for smart-proxy introduce a flaw which allows any client to perform actions of Foreman Server.

Comment 1 Yadnyawalk Tale 2021-03-19 18:02:01 UTC

Acknowledgments:

Name: Evgeni Golov (Red Hat)
Upstream: Foreman project

Comment 2 Yadnyawalk Tale 2021-03-19 18:02:03 UTC

Statement:

Red Hat Satellite 6 does not ship smart\_proxy\_salt plugin which is affected by the vulnerability. This flaw affects upstream Foreman only.

Comment 4 Product Security DevOps Team 2021-03-30 11:35:14 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3456

Note You need to log in before you can comment on or make changes to this bug.

*   
*   
*   
*   
*   
*

CVE-2021-3456: unauthorized users can execute actions that should be reserved for foreman

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

**Advisory Information**

*   **Advisory ID:** BOSCH-SA-478243-BT
*   **CVE Numbers and CVSS v3.1 Scores:**
    *   CVE-2021-23847
        *   Base Score: 9.8 (Critical)
    *   CVE-2021-23848
        *   Base Score: 8.3 (High)
    *   CVE-2021-23852
        *   Base Score: 4.9 (Medium)
    *   CVE-2021-23853
        *   Base Score: 8.3 (High)
    *   CVE-2021-23854
        *   Base Score: 8.3 (High)
*   **Published:** 09 Jun 2021
*   **Last Updated:** 09 Jun 2021

**Summary**

Multiple vulnerabilities for Bosch IP cameras have been discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch.

Bosch rates these vulnerabilities with CVSSv3.1 base scores from 9.8 (Critical) to 4.9 (Medium), where the actual rating depends on the individual vulnerability and the final rating on the customer’s environment.

Customers are strongly advised to upgrade to the fixed versions.

These vulnerabilities were discovered by Alexander Nochvay and Andrey Muravitsky from Kaspersky ICS CERT.

**Affected Products**

*   Bosch CPP Firmware on: CPP4, CPP6, CPP7, CPP7.3, CPP13
    *   CVE-2021-23848
    *   CVE-2021-23852
    *   CVE-2021-23853
*   Bosch CPP Firmware 7.62 on: CPP6, CPP7, CPP7.3
    *   CVE-2021-23854
*   Bosch CPP Firmware 7.70 on: CPP6, CPP7, CPP7.3
    *   CVE-2021-23847
    *   CVE-2021-23854
*   Bosch CPP Firmware 7.72 on: CPP6, CPP7, CPP7.3
    *   CVE-2021-23847
    *   CVE-2021-23854
*   Bosch CPP Firmware 7.75 on: CPP13
    *   CVE-2021-23854
*   Bosch CPP Firmware 7.76 on: CPP13
    *   CVE-2021-23854
*   Bosch CPP Firmware < 7.80 B128 on: CPP6, CPP7, CPP7.3
    *   CVE-2021-23847

**Solution and Mitigations****Software Updates**

The recommended approach is to update the affected Bosch firmware to a fixed version. If an update is not possible in timely manner, users are recommended to follow the mitigations and workarounds described in the following section.

Platform

Affected/revoked firmware

Fixed firmware

CPP4

7.10

7.10.0095

CPP6

7.60, 7.61

7.62.0005

7.70, 7.80

7.80.0129

AVIOTEC

7.61, 7.72

7.72.0013

CPP7

7.60, 7.61

7.62.0005

7.70, 7.72, 7.80

7.80.0129

CPP7.3

7.60, 7.61, 7.62

7.62.0005

7.70, 7.72, 7.73, 7.80

7.80.0129

CPP13

7.75

7.75.0008

**Firewalling**

Disallowing connections from insecure networks to the camera by means of a firewall prevents the attacker from accessing the vulnerable interface.

**IP Filtering**

The camera has the possibility to whitelist networks or IP addresses to only allow access from trusted networks or IPs, preventing an attacker from accessing the camera.

**Using certificate based authentication**

To mitigate the critical vulnerability CVE-2021-23847, certificate based user authentication for the camera can be used as the SSL based authentication happens, before the vulnerable component can be accessed. This prevents an unauthenticated attacker from accessing the interface.

**Secure Configuration Environment**

It is advised to use a Bosch tool like the Configuration Manager to configure the camera, that does not allow for issues like XSS.

When using the web based configuration interface and currently being logged in as administrator, some security precautions can be taken to mitigate XSS vulnerabilities:

*   No other websites or email content should be opened as long as the session to the camera is active
    
*   No links should be clicked from an untrusted external source that link back to the camera.
    
*   Use a different browser than the system default browser to open a session to the camera as there is no XSS between browsers.
    
*   Always log out and/or close the browser (not only the tab) to clear any session data
    

**Vulnerability Details****CVE-2021-23847**

CVE description: A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device.

Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.

*   Problem Type:
    *   CWE-287 Improper Authentication
*   CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    *   Base Score: 9.8 (Critical)

**CVE-2021-23848**

CVE description: An error in the URL handler may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user.

*   Problem Type:
    *   CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
*   CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
    *   Base Score: 8.3 (High)

**CVE-2021-23852**

CVE description: An authenticated attacker with administrator rights can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).

*   Problem Type:
    *   CWE-400 Uncontrolled Resource Consumption
*   CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    *   Base Score: 4.9 (Medium)

**CVE-2021-23853**

CVE description: Improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.

*   Problem Type:
    *   CWE-20 Improper Input Validation
*   CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
    *   Base Score: 8.3 (High)

**CVE-2021-23854**

CVE description: An error in the handling of a page parameter may lead to a reflected cross site scripting (XSS) in the web-based interface.

This issue only affects versions 7.7x and 7.6x. All other versions are not affected.

*   Problem Type:
    *   CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
*   CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
    *   Base Score: 8.3 (High)

**Remark**

Vulnerability classification has been performed using the CVSS v3.1 scoring system . The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

**Additional Resources**

*   \[1\] Firmware Download Area: https://downloadstore.boschsecurity.com/index.php?type=FW

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com .

**Revision History**

*   09 Jun 2021: Correction of build version number of fixed firmware
*   09 Jun 2021: Initial Publication

**Appendix****Affected Plattforms and Cameras**

**CPP13**

*   AUTODOME inteox 7000i
    
*   MIC inteox 7100i
    

**CPP7.3**

*   AUTODOME IP 4000i
    
*   AUTODOME IP 5000i
    
*   AUTODOME IP starlight 5000i (IR)
    
*   AUTODOME IP starlight 7000i
    
*   DINION IP 3000i
    
*   DINION IP bullet 4000i
    
*   DINION IP bullet 5000
    
*   DINION IP bullet 5000i
    
*   DINION IP bullet 6000i
    
*   FLEXIDOME IP 3000i
    
*   FLEXIDOME IP 4000i
    
*   FLEXIDOME IP 5000i
    
*   FLEXIDOME IP starlight 5000i (IR)
    
*   FLEXIDOME IP starlight 8000i
    
*   MIC IP starlight 7000i
    
*   MIC IP starlight 7100i
    
*   MIC IP ultra 7100i
    
*   MIC IP fusion 9000i
    

**CPP7**

*   DINION IP starlight 6000
    
*   DINION IP starlight 7000
    
*   DINION IP thermal 8000
    
*   FLEXIDOME IP starlight 6000
    
*   FLEXIDOME IP starlight 7000
    
*   DINION IP thermal 9000 RM
    

**CPP6**

*   DINION IP starlight 8000 12MP
    
*   DINION IP ultra 8000 12MP
    
*   DINION IP ultra 8000 12MP with C/CS mount telephoto lens
    
*   FLEXIDOME IP panoramic 6000 12MP 180
    
*   FLEXIDOME IP panoramic 6000 12MP 360
    
*   FLEXIDOME IP panoramic 6000 12MP 180 IVA
    
*   FLEXIDOME IP panoramic 6000 12MP 360 IVA
    
*   FLEXIDOME IP panoramic 7000 12MP 180
    
*   FLEXIDOME IP panoramic 7000 12MP 360
    
*   FLEXIDOME IP panoramic 7000 12MP 180 IVA
    
*   FLEXIDOME IP panoramic 7000 12MP 360 IVA
    

**CPP4**

*   AUTODOME IP 4000 HD
    
*   AUTODOME IP 5000 HD
    
*   AUTODOME IP 5000 IR
    
*   AUTODOME 7000 series
    
*   DINION HD 1080p
    
*   DINION HD 1080p HDR
    
*   DINION HD 720p
    
*   DINION imager 9000 HD
    
*   DINION IP bullet 4000
    
*   DINION IP bullet 5000
    
*   DINION IP 4000 HD
    
*   DINION IP 5000 HD
    
*   DINION IP 5000 MP
    
*   DINION IP starlight 7000 HD
    
*   FLEXIDOME corner 9000 MP
    
*   FLEXIDOME HD 1080p
    
*   FLEXIDOME HD 1080p HDR
    
*   FLEXIDOME HD 720p
    
*   Vandal-proof FLEXIDOME HD 1080p
    
*   Vandal-proof FLEXIDOME HD 1080p HDR
    
*   Vandal-proof FLEXIDOME HD 720p
    
*   FLEXIDOME IP micro 2000 HD
    
*   FLEXIDOME IP micro 2000 IP
    
*   FLEXIDOME IP indoor 4000 HD
    
*   FLEXIDOME IP indoor 4000 IR
    
*   FLEXIDOME IP outdoor 4000 HD
    
*   FLEXIDOME IP outdoor 4000 IR
    
*   FLEXIDOME IP indoor 5000 HD
    
*   FLEXIDOME IP indoor 5000 MP
    
*   FLEXIDOME IP micro 5000 MP
    
*   FLEXIDOME IP outdoor 5000 HD
    
*   FLEXIDOME IP outdoor 5000 MP
    
*   FLEXIDOME IP panoramic 5000
    
*   IP bullet 4000 HD
    
*   IP bullet 5000 HD
    
*   IP micro 2000
    
*   IP micro 2000 HD
    
*   MIC IP dynamic 7000
    
*   MIC IP starlight 7000
    
*   TINYON IP 2000 family

CVE-2021-23850: Multiple vulnerabilities in Bosch IP cameras

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2022-25598

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.

Thanks to @uncomfyhalomacro who packaged swhkd from open suse repos, a multitude of security vulnerabilities were discovered by @mgerstner which primarily arose due to my incompetence and lack of careful review of all pull requests. I apologize for this.

The following CVE's have been fixed in this release:

    CVE-2022-27815
    CVE-2022-27814
    CVE-2022-27819
    CVE-2022-27818
    CVE-2022-27816
    

Only CVE-2022-27817 remains as it is a genuinely difficult problem to solve for us right now. After a short conversation with Kenny Levinsen ( author of seatd ) we came to the conclusion that it's not possible to get access of a seat without complete control of the session hence any compositor which is launched after swhkd won't work. We can however get the fd's of the devices, release the seat, and then pass it along to evdev but that will require a complete application rewrite.

@mgerstner did suggest to try systemd context switching with elogind for supporting various inits. As far as I can tell this implementation will have a time complexity of O(2^n) so as the number of seats increase, swhkd will start to lag because there is a considerable amount of cold start to swhkd after which the application runs fine.

I'd also like to point out that the above solution will **NOT** be portable. Distributions that decide to not build elogind support into their init systems will not be able to run swhkd and hence it's not a path that I'd fancy even if it were to fix the problem.

For now CVE-2022-27817 will probably remain stale. For single user ( single seat ) systems swhkd will function just fine.

CVE-2022-27815: Releases · waycrate/swhkd

**New features****Include multiple config files by using the `include` statement.**

    # /etc/swhkd/swhkdrc
    include /home/user/.config/swhkd/swhkdrc
    

**`@` and `~` prefixes.**

Add `@` before a keysym so that the command will run when the key is released.  
Add `~` before a keysym so that the keysym would be sent to other clients.

**What's Changed**

*   Update release.sh by @uncomfyhalomacro in #84
*   refactor: improve daemon / server code by @angelofallars in #85
*   feat: improve logs in daemon/server by @angelofallars in #86
*   Feat: multiple config file loading & '@' '~' prefix by @EdenQwQ in #87

**New Contributors**

*   @uncomfyhalomacro made their first contribution in #84

**Full Changelog**: 1.1.5...1.1.7

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.

**Details**

This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1 standards.

**CVE ID**

**Description**

**Base Score**

**Vector**

CVE‑2022‑21821

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in `cuobjdump`.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute `cuobjdump` against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.

7.8

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The NVIDIA risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk to your local installation. NVIDIA recommends evaluating the risk to your specific configuration.

**Security Updates**

The following table lists the NVIDIA software products affected, versions affected, and the updated version that includes this security update.

Download the update from the CUDA Toolkit Downloads page to apply the security update.

**CVE IDs Addressed**

**Software Product**

**Operating System**

**Affected Versions**

**Updated Version**

CVE‑2022‑21821

CUDA Toolkit

Windows and Linux

All versions prior to CUDA Toolkit 11.6 Update 2

11.6 Update 2

**Notes**

*   Earlier software releases that support this product are also affected. If you are using an earlier release, upgrade to the latest release version.

**Mitigations**

None. See Security Updates for the version to install.

**Acknowledgements**

NVIDIA thanks Leonardo Galli for reporting this issue.

**Get the Most Up to Date Product Security Information**

Visit the NVIDIA Product Security page to

*   Subscribe to security bulletin notifications
*   See the current list of NVIDIA security bulletins
*   Report a potential security issue in any NVIDIA supported product
*   Learn more about the vulnerability management process followed by the NVIDIA Product Security Incident Response Team (PSIRT)

**Revision History**

  

**Revision**

**Date**

**Description**

1.0

March 28, 2022

Initial release

**Support**

If you have any questions about this security bulletin, contact NVIDIA Support.

**Disclaimer**

ALL NVIDIA INFORMATION, DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, “MATERIALS”) ARE BEING PROVIDED “AS IS.” NVIDIA MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OR CONDITION OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE MAXIMUM EXTENT PERMITTED BY LAW.

Information is believed to be accurate and reliable at the time it is furnished. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation.

CVE-2022-21821: Security Bulletin: NVIDIA CUDA Toolkit - March 2022

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

rouault pushed a commit that referenced this issue

Jul 14, 2021

DanielHeath pushed a commit to radiopaedia/openjpeg that referenced this issue

Sep 21, 2021

 

kraj pushed a commit to YoeDistro/meta-openembedded that referenced this issue

Apr 14, 2022

 

CVE: CVE-2022-1122

The defect is undergoing reanalysis and there may be follow-up commits.

Ref:
\* uclouvain/openjpeg#1368

Signed-off-by: Nicolas Marguet <nicolas.marguet@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

kraj pushed a commit to YoeDistro/meta-openembedded that referenced this issue

Apr 14, 2022

 

CVE: CVE-2022-1122

The defect is undergoing reanalysis and there may be follow-up commits.

Ref:
\* uclouvain/openjpeg#1368

Signed-off-by: Nicolas Marguet <nicolas.marguet@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

kraj pushed a commit to YoeDistro/meta-openembedded that referenced this issue

Apr 15, 2022

 

CVE: CVE-2022-1122

The defect is undergoing reanalysis and there may be follow-up commits.

Ref:
\* uclouvain/openjpeg#1368

Signed-off-by: Nicolas Marguet <nicolas.marguet@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

CVE-2022-1122: Exist a issues of freeing uninitialized pointer in src/bin/jp2/opj_decompress.c，that will cause a segfault · Issue #1368 · uclouvain/openjpeg

Tag

#dos