openEuler 20.03 LTS SP4 update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 27
CVE-ID: CVE-2021-47631, CVE-2021-47642, CVE-2022-49044, CVE-2022-49055, CVE-2022-49114, CVE-2022-49137, CVE-2022-49253, CVE-2022-49308, CVE-2022-49326, CVE-2022-49341, CVE-2022-49351, CVE-2022-49404, CVE-2022-49433, CVE-2022-49439, CVE-2022-49447, CVE-2022-49526, CVE-2022-49564, CVE-2022-49620, CVE-2022-49648, CVE-2022-49661, CVE-2022-49685, CVE-2023-52572, CVE-2024-54680, CVE-2024-56548, CVE-2024-56606, CVE-2025-21700, CVE-2025-21702
CWE-ID: CWE-476, CWE-119, CWE-416, CWE-401, CWE-388, CWE-665, CWE-190, CWE-20, CWE-191, CWE-399
Exploitation vector: Local
Public exploit: N/A
Vulnerable software

openEuler (Operating systems & Components / Operating system)

Packages (Operating systems & Components / Operating system package or component):

python3-perf-debuginfo
python3-perf
python2-perf-debuginfo
python2-perf
perf-debuginfo
perf
kernel-tools-devel
kernel-tools-debuginfo
kernel-tools
kernel-source
kernel-devel
kernel-debugsource
kernel-debuginfo
bpftool-debuginfo
bpftool
kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU104649

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47631

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the da850_evm_config_emac() function in arch/arm/mach-davinci/board-da850-evm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU104808

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47642

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nvidia_setup_i2c_bus() function in drivers/video/fbdev/nvidia/nv_i2c.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU104801

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49044

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kvmalloc_array() function in drivers/md/dm-integrity.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU104620

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49055

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the alloc_event_waiters() function in drivers/gpu/drm/amd/amdkfd/kfd_events.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU104469

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49114

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fc_exch_abts_resp() function in drivers/scsi/libfc/fc_exch.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU104380

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49137

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the amdgpu_cs_fence_to_handle_ioctl() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU104234

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49253

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the s2250_probe() and i2c_unregister_device() functions in drivers/media/usb/go7007/s2250-board.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper error handling

EUVDB-ID: #VU104753

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49308

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the extcon_dev_register() and extcon_dev_unregister() functions in drivers/extcon/extcon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Initialization

EUVDB-ID: #VU104859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49326

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the rtl8180_tx() function in drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU104251

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49341

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bpf_jit_binary_free() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU104254

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49351

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the altera_tse_mdio_create() function in drivers/net/ethernet/altera/altera_tse_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Integer overflow

EUVDB-ID: #VU104780

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49404

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the set_link_ipg() function in drivers/infiniband/hw/hfi1/init.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU104421

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49433

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sdma_clean() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU104281

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49439

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the fsl_rio_setup() function in arch/powerpc/sysdev/fsl_rio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU104283

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49447

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hi3xxx_smp_prepare_cpus() and hip01_boot_secondary() functions in arch/arm/mach-hisi/platsmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU104719

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49526

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the le32_to_cpu() and kunmap_atomic() functions in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer underflow

EUVDB-ID: #VU104789

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49564

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the qat_dh_compute_value() function in drivers/crypto/qat/qat_common/qat_asym_algs.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU104317

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49620

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tipc_sk_create() function in net/tipc/socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU104323

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49648

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the parse_var_defs() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

EUVDB-ID: #VU104329

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49661

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the gs_can_open() and gs_can_close() functions in drivers/net/can/usb/gs_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU104445

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49685

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iio_sysfs_trigger_remove() function in drivers/iio/trigger/iio-trig-sysfs.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU90239

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52572

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_wake_up_task(), __release_mid(), wait_for_response(), cifs_sync_mid_result(), cifs_compound_callback(), compound_send_recv(), SendReceive() and SendReceiveBlockingLock() functions in fs/smb/client/transport.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU102916

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-54680

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_get_tcp_session(), cifs_crypto_secmech_release(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU102075

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56548

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU102021

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56606

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU103959

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21700

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU104074

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21702

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.3.0.0319

python3-perf: before 4.19.90-2503.3.0.0319

python2-perf-debuginfo: before 4.19.90-2503.3.0.0319

python2-perf: before 4.19.90-2503.3.0.0319

perf-debuginfo: before 4.19.90-2503.3.0.0319

perf: before 4.19.90-2503.3.0.0319

kernel-tools-devel: before 4.19.90-2503.3.0.0319

kernel-tools-debuginfo: before 4.19.90-2503.3.0.0319

kernel-tools: before 4.19.90-2503.3.0.0319

kernel-source: before 4.19.90-2503.3.0.0319

kernel-devel: before 4.19.90-2503.3.0.0319

kernel-debugsource: before 4.19.90-2503.3.0.0319

kernel-debuginfo: before 4.19.90-2503.3.0.0319

bpftool-debuginfo: before 4.19.90-2503.3.0.0319

bpftool: before 4.19.90-2503.3.0.0319

kernel: before 4.19.90-2503.3.0.0319

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1282


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


