SB2025031471 - openEuler 22.03 LTS SP3 update for kernel

Description

This security bulletin contains information about 14 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2022-49096)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efx_remove_channels(), efx_realloc_channels() and efx_set_channels() functions in drivers/net/ethernet/sfc/efx_channels.c. A local user can perform a denial of service (DoS) attack.

2) Integer underflow (CVE-ID: CVE-2022-49564)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the qat_dh_compute_value() function in drivers/crypto/qat/qat_common/qat_asym_algs.c. A local user can execute arbitrary code.

3) Use-after-free (CVE-ID: CVE-2022-49651)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cleanup_srcu_struct() function in kernel/rcu/srcutree.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2023-52572)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_wake_up_task(), __release_mid(), wait_for_response(), cifs_sync_mid_result(), cifs_compound_callback(), compound_send_recv(), SendReceive() and SendReceiveBlockingLock() functions in fs/smb/client/transport.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2024-54680)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_get_tcp_session(), cifs_crypto_secmech_release(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.

6) Resource management error (CVE-ID: CVE-2024-56723)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.

7) Memory leak (CVE-ID: CVE-2024-57947)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_pipapo_avx2_lookup_slow() function in net/netfilter/nft_set_pipapo_avx2.c, within the nft_pipapo_lookup() and pipapo_get() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2024-58001)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.

9) NULL pointer dereference (CVE-ID: CVE-2024-58009)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

10) Race condition (CVE-ID: CVE-2025-21719)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.

11) Buffer overflow (CVE-ID: CVE-2025-21735)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nci_hci_create_pipe() function in net/nfc/nci/hci.c. A local user can escalate privileges on the system.

12) Use-after-free (CVE-ID: CVE-2025-21756)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and __vsock_release() functions in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.

13) NULL pointer dereference (CVE-ID: CVE-2025-21779)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kvm_hv_send_ipi() and kvm_get_hv_cpuid() functions in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.

14) Out-of-bounds read (CVE-ID: CVE-2025-21782)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the orangefs_debug_write() function in fs/orangefs/orangefs-debugfs.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1283