openEuler 24.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 79
CVE-ID CVE-2023-52926
CVE-2024-41935
CVE-2024-47143
CVE-2024-47809
CVE-2024-48881
CVE-2024-53141
CVE-2024-53148
CVE-2024-53156
CVE-2024-53176
CVE-2024-53177
CVE-2024-53178
CVE-2024-53181
CVE-2024-53185
CVE-2024-53210
CVE-2024-53214
CVE-2024-53216
CVE-2024-53233
CVE-2024-54456
CVE-2024-56531
CVE-2024-56533
CVE-2024-56539
CVE-2024-56545
CVE-2024-56551
CVE-2024-56558
CVE-2024-56566
CVE-2024-56573
CVE-2024-56574
CVE-2024-56576
CVE-2024-56577
CVE-2024-56579
CVE-2024-56587
CVE-2024-56593
CVE-2024-56600
CVE-2024-56601
CVE-2024-56602
CVE-2024-56603
CVE-2024-56606
CVE-2024-56625
CVE-2024-56628
CVE-2024-56636
CVE-2024-56637
CVE-2024-56643
CVE-2024-56644
CVE-2024-56645
CVE-2024-56650
CVE-2024-56651
CVE-2024-56678
CVE-2024-56689
CVE-2024-56704
CVE-2024-56707
CVE-2024-56723
CVE-2024-56724
CVE-2024-56725
CVE-2024-56727
CVE-2024-56746
CVE-2024-56751
CVE-2024-56754
CVE-2024-56774
CVE-2024-56783
CVE-2024-56785
CVE-2024-57838
CVE-2024-57876
CVE-2024-57899
CVE-2024-57981
CVE-2024-58001
CVE-2024-58070
CVE-2025-21729
CVE-2025-21732
CVE-2025-21736
CVE-2025-21743
CVE-2025-21767
CVE-2025-21776
CVE-2025-21782
CVE-2025-21783
CVE-2025-21789
CVE-2025-21795
CVE-2025-21796
CVE-2025-21814
CVE-2025-21817
CWE-ID CWE-416
CWE-20
CWE-667
CWE-476
CWE-119
CWE-125
CWE-401
CWE-399
CWE-388
CWE-415
CWE-362
CWE-191
CWE-190
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 79 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU104163

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52926

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the io_rw_init_file() function in io_uring/rw.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU102995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41935

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __grab_extent_tree(), __destroy_extent_node(), __update_extent_tree_range(), write_unlock(), __shrink_extent_tree(), f2fs_shrink_age_extent_tree(), f2fs_destroy_extent_node() and __drop_extent_tree() functions in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU102949

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47143

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_unmap() function in kernel/dma/debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU102925

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47809

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the validate_lock_args() function in fs/dlm/lock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU102927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-48881

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cache_set_flush() function in drivers/md/bcache/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU101348

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53141

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bitmap_ip_uadt() function in net/netfilter/ipset/ip_set_bitmap_ip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU101927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53148

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the comedi_mmap() function in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU101911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53156

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU102174

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53176

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cifs_dentry_needs_reval() function in fs/smb/client/inode.c, within the init_cifs() and cifs_destroy_netfs() functions in fs/smb/client/cifsfs.c, within the free_cached_dir(), close_all_cached_dirs(), invalidate_all_cached_dirs(), cached_dir_lease_break(), init_cached_dir(), cfids_laundromat_worker(), init_cached_dirs() and free_cached_dirs() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU102056

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53177

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SMB2_query_info_free(), invalidate_all_cached_dirs(), smb2_cached_lease_break(), cached_dir_lease_break() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU102007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53178

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the find_or_create_cached_dir() and smb2_set_related() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU102231

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53181

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vector_device_release() function in arch/um/drivers/vector_kern.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU102051

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53185

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU102004

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53210

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the iucv_sock_recvmsg() function in net/iucv/af_iucv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU102092

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53214

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU102356

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53216

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/nfsd/export.c. A local user can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper error handling

EUVDB-ID: #VU102207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53233

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the utf8_load() function in fs/unicode/utf8-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU105054

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-54456

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfs_sysfs_link_rpc_client() function in fs/nfs/sysfs.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU102180

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56531

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snd_usb_caiaq_input_free() function in sound/usb/caiaq/input.c, within the setup_card(), init_card() and snd_disconnect() functions in sound/usb/caiaq/device.c, within the snd_usb_caiaq_audio_init() function in sound/usb/caiaq/audio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper locking

EUVDB-ID: #VU102182

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56533

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snd_usx2y_disconnect() function in sound/usb/usx2y/usbusx2y.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU102236

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56539

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU102253

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56545

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mousevsc_hid_raw_request(), HID_DEVICE(), mousevsc_probe() and mousevsc_init() functions in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU102039

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56551

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_vce_sw_fini() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c, within the amdgpu_device_fini_sw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU102042

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56558

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the e_show() function in fs/nfsd/export.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU102170

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56566

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_slab(), slab_fix() and alloc_single_from_partial() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Double free

EUVDB-ID: #VU102193

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56573

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the efi_handle_cmdline() function in drivers/firmware/efi/libstub/efi-stub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU102125

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56574

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ts2020_regmap_unlock() function in drivers/media/dvb-frontends/ts2020.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU102229

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56576

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) NULL pointer dereference

EUVDB-ID: #VU102123

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56577

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_jpegdec_hw_init_irq() and mtk_jpegdec_hw_probe() functions in drivers/media/platform/mediatek/jpeg/mtk_jpeg_dec_hw.c, within the mtk_jpeg_single_core_init() and mtk_jpeg_probe() functions in drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper error handling

EUVDB-ID: #VU102205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56579

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vpu_add_func() function in drivers/media/platform/amphion/vpu_v4l2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU102104

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56587

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brightness_show() and max_brightness_show() functions in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU102107

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56593

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcmf_sdiod_sgtable_alloc() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU102016

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56600

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the htons() function in net/ipv6/af_inet6.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU102015

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56601

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the htons() function in net/ipv4/af_inet.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU102017

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56602

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee802154_create() function in net/ieee802154/socket.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU102018

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56603

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the can_create() function in net/can/af_can.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU102021

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56606

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU102244

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56625

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the can_set_termination() function in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU102162

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56628

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arch/loongarch/include/asm/hugetlb.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Resource management error

EUVDB-ID: #VU102245

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56636

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the geneve_xmit_skb() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Race condition

EUVDB-ID: #VU102219

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56637

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the find_set_type() function in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Memory leak

EUVDB-ID: #VU101989

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56643

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dccp_feat_change_recv() function in net/dccp/feat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Memory leak

EUVDB-ID: #VU101992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56644

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ip6_negative_advice() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Integer underflow

EUVDB-ID: #VU102210

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56645

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the j1939_session_new() function in net/can/j1939/transport.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU102078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56650

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the led_tg_check() function in net/netfilter/xt_LED.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU102030

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56651

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hi3110_can_ist() function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU102012

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56678

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ___do_page_fault() function in arch/powerpc/mm/fault.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU102097

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56689

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pci_epf_mhi_bind() function in drivers/pci/endpoint/functions/pci-epf-mhi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Double free

EUVDB-ID: #VU102192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56704

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the xen_9pfs_front_free() function in net/9p/trans_xen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Input validation error

EUVDB-ID: #VU102275

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56707

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the otx2_dmacflt_do_add() and otx2_dmacflt_update() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Resource management error

EUVDB-ID: #VU102225

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56723

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Resource management error

EUVDB-ID: #VU102224

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56724

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bxt_wcove_tmu_irq_handler() and bxt_wcove_tmu_probe() functions in drivers/platform/x86/intel/bxtwc_tmu.c, within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU102269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56725

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the otx2_config_priority_flow_ctrl() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU102271

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56727

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the otx2_alloc_mcam_entries() and otx2_mcam_entry_init() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Memory leak

EUVDB-ID: #VU101981

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56746

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sh7760fb_alloc_mem() function in drivers/video/fbdev/sh7760fb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper locking

EUVDB-ID: #VU102152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56751

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ip6_dst_ifdown(), DEFINE_SPINLOCK() and rt6_remove_exception() functions in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU102273

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56754

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the caam_qi_init() function in drivers/crypto/caam/qi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU102483

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56774

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Input validation error

EUVDB-ID: #VU102496

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56783

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nft_socket_cgroup_subtree_level() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource management error

EUVDB-ID: #VU102494

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56785

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arch/mips/boot/dts/loongson/ls7a-pch.dtsi. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper error handling

EUVDB-ID: #VU102958

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57838

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch_init_kprobes() function in arch/s390/kernel/kprobes.c, within the SYM_CODE_START() function in arch/s390/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper locking

EUVDB-ID: #VU102936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57876

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drm_dp_mst_topology_mgr_set_mst(), EXPORT_SYMBOL(), update_msg_rx_state() and drm_dp_mst_hpd_irq_handle_event() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Integer overflow

EUVDB-ID: #VU102964

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57899

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the ieee80211_mbss_info_change_notify() function in net/mac80211/mesh.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) NULL pointer dereference

EUVDB-ID: #VU105016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57981

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Resource management error

EUVDB-ID: #VU105070

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58001

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU105413

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58070

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bpf_local_storage_map_alloc() function in kernel/bpf/bpf_local_storage.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU104967

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21729

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtw89_ops_cancel_hw_scan() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU104955

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21732

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx5_ib_invalidate_range() function in drivers/infiniband/hw/mlx5/odp.c, within the mlx5_revoke_mr() function in drivers/infiniband/hw/mlx5/mr.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Integer overflow

EUVDB-ID: #VU105049

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21736

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the nilfs_fiemap() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Out-of-bounds read

EUVDB-ID: #VU104979

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21743

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper locking

EUVDB-ID: #VU105021

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21767

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the clocksource_verify_percpu() function in kernel/time/clocksource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) NULL pointer dereference

EUVDB-ID: #VU104995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21776

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hub_probe() function in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Out-of-bounds read

EUVDB-ID: #VU104981

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21782

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the orangefs_debug_write() function in fs/orangefs/orangefs-debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) NULL pointer dereference

EUVDB-ID: #VU104992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21783

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gpiochip_get_ngpios() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Out-of-bounds read

EUVDB-ID: #VU104983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21789

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_csum() function in arch/loongarch/lib/csum.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Input validation error

EUVDB-ID: #VU105087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21795

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfsd4_run_cb_work() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use-after-free

EUVDB-ID: #VU104953

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21796

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_acl_release() function in fs/nfsd/nfs3acl.c, within the posix_acl_release() function in fs/nfsd/nfs2acl.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) NULL pointer dereference

EUVDB-ID: #VU105141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21814

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ptp_getcycles64() and ptp_clock_register() functions in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU105135

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21817

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the queue_attr_store() function in block/blk-sysfs.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-82.0.0.86

python3-perf: before 6.6.0-82.0.0.86

perf-debuginfo: before 6.6.0-82.0.0.86

perf: before 6.6.0-82.0.0.86

kernel-tools-devel: before 6.6.0-82.0.0.86

kernel-tools-debuginfo: before 6.6.0-82.0.0.86

kernel-tools: before 6.6.0-82.0.0.86

kernel-source: before 6.6.0-82.0.0.86

kernel-headers: before 6.6.0-82.0.0.86

kernel-devel: before 6.6.0-82.0.0.86

kernel-debugsource: before 6.6.0-82.0.0.86

kernel-debuginfo: before 6.6.0-82.0.0.86

bpftool-debuginfo: before 6.6.0-82.0.0.86

bpftool: before 6.6.0-82.0.0.86

kernel: before 6.6.0-82.0.0.86

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###