Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 22 |
CVE-ID | CVE-2024-47794 CVE-2024-53079 CVE-2024-53164 CVE-2024-53240 CVE-2024-54680 CVE-2024-56372 CVE-2024-56607 CVE-2024-56655 CVE-2024-56658 CVE-2024-56659 CVE-2024-56717 CVE-2024-56767 CVE-2024-57792 CVE-2024-57804 CVE-2024-57807 CVE-2024-57930 CVE-2024-57946 CVE-2025-21631 CVE-2025-21656 CVE-2025-21689 CVE-2025-21699 CVE-2025-21704 |
CWE-ID | CWE-835 CWE-667 CWE-399 CWE-476 CWE-416 CWE-388 CWE-119 CWE-908 CWE-125 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | openEuler (Operating systems & Components / Operating system); python3-perf-debuginfo, python3-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-headers, kernel-devel, kernel-debugsource, kernel-debuginfo, bpftool-debuginfo, bpftool, kernel (Operating systems & Components / Operating system package or component) |
Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
EUVDB-ID: #VU102971
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-47794
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the bpf_attach_type_to_tramp(), __bpf_trampoline_link_prog(), __bpf_trampoline_unlink_prog(), bpf_shim_tramp_link_release() and bpf_trampoline_link_cgroup_shim() functions in kernel/bpf/trampoline.c, within the bpf_tracing_link_release() and bpf_tracing_prog_attach() functions in kernel/bpf/syscall.c, within the bpf_prog_alloc_no_stats() function in kernel/bpf/core.c, and within the prog_fd_array_get_ptr() function in kernel/bpf/arraymap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100724
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53079
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the destroy_large_folio() function in mm/page_alloc.c, within the mem_cgroup_move_account(), mem_cgroup_move_charge_pte_range(), uncharge_folio() and mem_cgroup_swapout() functions in mm/memcontrol.c, and within the __folio_undo_large_rmappable() and deferred_split_folio() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102248
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-53164
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the choke_drop_by_idx() function in net/sched/sch_choke.c and within the cake_drop() function in net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU101818
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-53240
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote backend to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the guest xen-netfront driver. A malicious network backend can crash the guest OS.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102916
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-54680
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_get_tcp_session(), cifs_crypto_secmech_release(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102959
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56372
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tun_napi_alloc_frags() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102166
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56607
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_mac_op_set_bitrate_mask() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102161
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56655
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_tables_newtable(), nf_tables_rule_destroy(), nf_tables_deactivate_set(), __nft_release_basechain_now() and __nft_release_basechain() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102033
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56658
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the LLIST_HEAD(), net_free() and cleanup_net() functions in net/core/net_namespace.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102201
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56659
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within include/net/lapb.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102242
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56717
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the ocelot_ifh_set_basic() function in drivers/net/ethernet/mscc/ocelot.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102397
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56767
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the at_xdmac_prep_dma_memset() function in drivers/dma/at_xdmac.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102978
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57792
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the set_charge_current_limit() function in drivers/power/supply/gpio-charger.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102976
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57804
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mpi3mr_read_tsu_interval(), mpi3mr_free_mem(), mpi3mr_free_config_dma_memory() and mpi3mr_process_cfg_req() functions in drivers/scsi/mpi3mr/mpi3mr_fw.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU102938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57807
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the megasas_aen_polling() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103136
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57930
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the process_string() function in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103127
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57946
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtblk_remove() and virtblk_restore() functions in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103011
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21631
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_waker_bfqq() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21656
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the drivetemp_scsi_command() function in drivers/hwmon/drivetemp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
CPE2.3
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103742
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21689
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qt2_process_read_urb() function in drivers/usb/serial/quatech2.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
CPE2.3
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103923
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21699
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
CPE2.3
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104139
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21704
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the acm_process_notification() and acm_ctrl_irq() functions in drivers/usb/class/cdc-acm.c. A local user can escalate privileges on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-79.0.0.84
python3-perf: before 6.6.0-79.0.0.84
perf-debuginfo: before 6.6.0-79.0.0.84
perf: before 6.6.0-79.0.0.84
kernel-tools-devel: before 6.6.0-79.0.0.84
kernel-tools-debuginfo: before 6.6.0-79.0.0.84
kernel-tools: before 6.6.0-79.0.0.84
kernel-source: before 6.6.0-79.0.0.84
kernel-headers: before 6.6.0-79.0.0.84
kernel-devel: before 6.6.0-79.0.0.84
kernel-debugsource: before 6.6.0-79.0.0.84
kernel-debuginfo: before 6.6.0-79.0.0.84
bpftool-debuginfo: before 6.6.0-79.0.0.84
bpftool: before 6.6.0-79.0.0.84
kernel: before 6.6.0-79.0.0.84
CPE2.3
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1205
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.