Main Vulnerability Database SB2025031472

SB2025031472 - openEuler 22.03 LTS SP4 update for kernel

Published: March 14, 2025 Updated: July 3, 2025

Security Bulletin ID SB2025031472

Severity

Low

Patch available

YES

Number of vulnerabilities 13

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2022-49096)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efx_remove_channels(), efx_realloc_channels() and efx_set_channels() functions in drivers/net/ethernet/sfc/efx_channels.c. A local user can perform a denial of service (DoS) attack.

2) Integer underflow (CVE-ID: CVE-2022-49564)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the qat_dh_compute_value() function in drivers/crypto/qat/qat_common/qat_asym_algs.c. A local user can execute arbitrary code.

3) Use-after-free (CVE-ID: CVE-2022-49651)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cleanup_srcu_struct() function in kernel/rcu/srcutree.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2024-54680)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the clean_demultiplex_info(), cifs_get_tcp_session(), cifs_crypto_secmech_release(), cifs_put_tcp_session() and generic_ip_connect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.

5) Resource management error (CVE-ID: CVE-2024-56723)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.

6) Memory leak (CVE-ID: CVE-2024-57947)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_pipapo_avx2_lookup_slow() function in net/netfilter/nft_set_pipapo_avx2.c, within the nft_pipapo_lookup() and pipapo_get() functions in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

7) Resource management error (CVE-ID: CVE-2024-58001)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2024-58009)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

9) Race condition (CVE-ID: CVE-2025-21719)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.

10) Buffer overflow (CVE-ID: CVE-2025-21735)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nci_hci_create_pipe() function in net/nfc/nci/hci.c. A local user can escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2025-21756)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and __vsock_release() functions in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.

12) NULL pointer dereference (CVE-ID: CVE-2025-21779)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kvm_hv_send_ipi() and kvm_get_hv_cpuid() functions in arch/x86/kvm/hyperv.c. A local user can perform a denial of service (DoS) attack.

13) Out-of-bounds read (CVE-ID: CVE-2025-21782)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the orangefs_debug_write() function in fs/orangefs/orangefs-debugfs.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1284

Vulnerable Software

openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-254.0.0.158
python3-perf: before 5.10.0-254.0.0.158
perf-debuginfo: before 5.10.0-254.0.0.158
perf: before 5.10.0-254.0.0.158
kernel-tools-devel: before 5.10.0-254.0.0.158
kernel-tools-debuginfo: before 5.10.0-254.0.0.158
kernel-tools: before 5.10.0-254.0.0.158
kernel-source: before 5.10.0-254.0.0.158
kernel-headers: before 5.10.0-254.0.0.158
kernel-devel: before 5.10.0-254.0.0.158
kernel-debugsource: before 5.10.0-254.0.0.158
kernel-debuginfo: before 5.10.0-254.0.0.158
bpftool-debuginfo: before 5.10.0-254.0.0.158
bpftool: before 5.10.0-254.0.0.158
kernel: before 5.10.0-254.0.0.158

SB2025031472 - openEuler 22.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human