SB2025031473 - openEuler 24.03 LTS update for kernel
Published: March 14, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 19 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2023-52926)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_rw_init_file() function in io_uring/rw.c. A local user can escalate privileges on the system.
2) Buffer overflow (CVE-ID: CVE-2024-54456)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfs_sysfs_link_rpc_client() function in fs/nfs/sysfs.c. A local user can escalate privileges on the system.
3) Integer overflow (CVE-ID: CVE-2024-57899)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ieee80211_mbss_info_change_notify() function in net/mac80211/mesh.c. A local user can execute arbitrary code.
4) NULL pointer dereference (CVE-ID: CVE-2024-57981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2024-58001)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.
6) Improper locking (CVE-ID: CVE-2024-58070)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bpf_local_storage_map_alloc() function in kernel/bpf/bpf_local_storage.c. A local user can perform a denial of service (DoS) attack.
7) Use-after-free (CVE-ID: CVE-2025-21729)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtw89_ops_cancel_hw_scan() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can escalate privileges on the system.
8) Use-after-free (CVE-ID: CVE-2025-21732)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_ib_invalidate_range() function in drivers/infiniband/hw/mlx5/odp.c, within the mlx5_revoke_mr() function in drivers/infiniband/hw/mlx5/mr.c. A local user can escalate privileges on the system.
9) Integer overflow (CVE-ID: CVE-2025-21736)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nilfs_fiemap() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.
10) Out-of-bounds read (CVE-ID: CVE-2025-21743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2025-21767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clocksource_verify_percpu() function in kernel/time/clocksource.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2025-21776)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hub_probe() function in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
13) Out-of-bounds read (CVE-ID: CVE-2025-21782)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the orangefs_debug_write() function in fs/orangefs/orangefs-debugfs.c. A local user can perform a denial of service (DoS) attack.
14) NULL pointer dereference (CVE-ID: CVE-2025-21783)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gpiochip_get_ngpios() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.
15) Out-of-bounds read (CVE-ID: CVE-2025-21789)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_csum() function in arch/loongarch/lib/csum.c. A local user can perform a denial of service (DoS) attack.
16) Input validation error (CVE-ID: CVE-2025-21795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_run_cb_work() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2025-21796)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the posix_acl_release() function in fs/nfsd/nfs3acl.c, within the posix_acl_release() function in fs/nfsd/nfs2acl.c. A local user can escalate privileges on the system.
18) NULL pointer dereference (CVE-ID: CVE-2025-21814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ptp_getcycles64() and ptp_clock_register() functions in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2025-21817)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the queue_attr_store() function in block/blk-sysfs.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.