Main Vulnerability Database SB2025031474

SB2025031474 - openEuler 24.03 LTS SP1 update for kernel

Published: March 14, 2025

Security Bulletin ID SB2025031474

Severity

Low

Patch available

YES

Number of vulnerabilities 79

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 79 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2023-52926)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the io_rw_init_file() function in io_uring/rw.c. A local user can escalate privileges on the system.

2) Input validation error (CVE-ID: CVE-2024-41935)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __grab_extent_tree(), __destroy_extent_node(), __update_extent_tree_range(), write_unlock(), __shrink_extent_tree(), f2fs_shrink_age_extent_tree(), f2fs_destroy_extent_node() and __drop_extent_tree() functions in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.

3) Improper locking (CVE-ID: CVE-2024-47143)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_unmap() function in kernel/dma/debug.c. A local user can perform a denial of service (DoS) attack.

4) NULL pointer dereference (CVE-ID: CVE-2024-47809)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the validate_lock_args() function in fs/dlm/lock.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2024-48881)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cache_set_flush() function in drivers/md/bcache/super.c. A local user can perform a denial of service (DoS) attack.

6) Input validation error (CVE-ID: CVE-2024-53141)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bitmap_ip_uadt() function in net/netfilter/ipset/ip_set_bitmap_ip.c. A local user can perform a denial of service (DoS) attack.

7) Buffer overflow (CVE-ID: CVE-2024-53148)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the comedi_mmap() function in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.

8) Out-of-bounds read (CVE-ID: CVE-2024-53156)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2024-53176)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cifs_dentry_needs_reval() function in fs/smb/client/inode.c, within the init_cifs() and cifs_destroy_netfs() functions in fs/smb/client/cifsfs.c, within the free_cached_dir(), close_all_cached_dirs(), invalidate_all_cached_dirs(), cached_dir_lease_break(), init_cached_dir(), cfids_laundromat_worker(), init_cached_dirs() and free_cached_dirs() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.

10) Use-after-free (CVE-ID: CVE-2024-53177)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SMB2_query_info_free(), invalidate_all_cached_dirs(), smb2_cached_lease_break(), cached_dir_lease_break() and cfids_laundromat_worker() functions in fs/smb/client/cached_dir.c. A local user can escalate privileges on the system.

11) Memory leak (CVE-ID: CVE-2024-53178)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the find_or_create_cached_dir() and smb2_set_related() functions in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.

12) Resource management error (CVE-ID: CVE-2024-53181)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vector_device_release() function in arch/um/drivers/vector_kern.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2024-53185)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c. A local user can escalate privileges on the system.

14) Memory leak (CVE-ID: CVE-2024-53210)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the iucv_sock_recvmsg() function in net/iucv/af_iucv.c. A local user can perform a denial of service (DoS) attack.

15) Out-of-bounds read (CVE-ID: CVE-2024-53214)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.

16) Use-after-free (CVE-ID: CVE-2024-53216)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/nfsd/export.c. A local user can execute arbitrary code with elevated privileges.

17) Improper error handling (CVE-ID: CVE-2024-53233)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the utf8_load() function in fs/unicode/utf8-core.c. A local user can perform a denial of service (DoS) attack.

18) Buffer overflow (CVE-ID: CVE-2024-54456)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfs_sysfs_link_rpc_client() function in fs/nfs/sysfs.c. A local user can escalate privileges on the system.

19) Improper locking (CVE-ID: CVE-2024-56531)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snd_usb_caiaq_input_free() function in sound/usb/caiaq/input.c, within the setup_card(), init_card() and snd_disconnect() functions in sound/usb/caiaq/device.c, within the snd_usb_caiaq_audio_init() function in sound/usb/caiaq/audio.c. A local user can perform a denial of service (DoS) attack.

20) Improper locking (CVE-ID: CVE-2024-56533)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snd_usx2y_disconnect() function in sound/usb/usx2y/usbusx2y.c. A local user can perform a denial of service (DoS) attack.

21) Buffer overflow (CVE-ID: CVE-2024-56539)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.

22) Resource management error (CVE-ID: CVE-2024-56545)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mousevsc_hid_raw_request(), HID_DEVICE(), mousevsc_probe() and mousevsc_init() functions in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.

23) Use-after-free (CVE-ID: CVE-2024-56551)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_vce_sw_fini() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c, within the amdgpu_device_fini_sw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can escalate privileges on the system.

24) Use-after-free (CVE-ID: CVE-2024-56558)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the e_show() function in fs/nfsd/export.c. A local user can escalate privileges on the system.

25) Improper locking (CVE-ID: CVE-2024-56566)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_slab(), slab_fix() and alloc_single_from_partial() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

26) Double free (CVE-ID: CVE-2024-56573)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the efi_handle_cmdline() function in drivers/firmware/efi/libstub/efi-stub.c. A local user can perform a denial of service (DoS) attack.

27) NULL pointer dereference (CVE-ID: CVE-2024-56574)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ts2020_regmap_unlock() function in drivers/media/dvb-frontends/ts2020.c. A local user can perform a denial of service (DoS) attack.

28) Resource management error (CVE-ID: CVE-2024-56576)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

29) NULL pointer dereference (CVE-ID: CVE-2024-56577)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_jpegdec_hw_init_irq() and mtk_jpegdec_hw_probe() functions in drivers/media/platform/mediatek/jpeg/mtk_jpeg_dec_hw.c, within the mtk_jpeg_single_core_init() and mtk_jpeg_probe() functions in drivers/media/platform/mediatek/jpeg/mtk_jpeg_core.c. A local user can perform a denial of service (DoS) attack.

30) Improper error handling (CVE-ID: CVE-2024-56579)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vpu_add_func() function in drivers/media/platform/amphion/vpu_v4l2.c. A local user can perform a denial of service (DoS) attack.

31) NULL pointer dereference (CVE-ID: CVE-2024-56587)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brightness_show() and max_brightness_show() functions in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.

32) NULL pointer dereference (CVE-ID: CVE-2024-56593)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcmf_sdiod_sgtable_alloc() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c. A local user can perform a denial of service (DoS) attack.

33) Use-after-free (CVE-ID: CVE-2024-56600)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the htons() function in net/ipv6/af_inet6.c. A local user can escalate privileges on the system.

34) Use-after-free (CVE-ID: CVE-2024-56601)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the htons() function in net/ipv4/af_inet.c. A local user can escalate privileges on the system.

35) Use-after-free (CVE-ID: CVE-2024-56602)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee802154_create() function in net/ieee802154/socket.c. A local user can escalate privileges on the system.

36) Use-after-free (CVE-ID: CVE-2024-56603)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the can_create() function in net/can/af_can.c. A local user can escalate privileges on the system.

37) Use-after-free (CVE-ID: CVE-2024-56606)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.

38) Resource management error (CVE-ID: CVE-2024-56625)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the can_set_termination() function in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.

39) Improper locking (CVE-ID: CVE-2024-56628)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arch/loongarch/include/asm/hugetlb.h. A local user can perform a denial of service (DoS) attack.

40) Resource management error (CVE-ID: CVE-2024-56636)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the geneve_xmit_skb() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.

41) Race condition (CVE-ID: CVE-2024-56637)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the find_set_type() function in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.

42) Memory leak (CVE-ID: CVE-2024-56643)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dccp_feat_change_recv() function in net/dccp/feat.c. A local user can perform a denial of service (DoS) attack.

43) Memory leak (CVE-ID: CVE-2024-56644)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ip6_negative_advice() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

44) Integer underflow (CVE-ID: CVE-2024-56645)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the j1939_session_new() function in net/can/j1939/transport.c. A local user can execute arbitrary code.

45) Out-of-bounds read (CVE-ID: CVE-2024-56650)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the led_tg_check() function in net/netfilter/xt_LED.c. A local user can perform a denial of service (DoS) attack.

46) Use-after-free (CVE-ID: CVE-2024-56651)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hi3110_can_ist() function in drivers/net/can/spi/hi311x.c. A local user can escalate privileges on the system.

47) Use-after-free (CVE-ID: CVE-2024-56678)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ___do_page_fault() function in arch/powerpc/mm/fault.c. A local user can escalate privileges on the system.

48) NULL pointer dereference (CVE-ID: CVE-2024-56689)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pci_epf_mhi_bind() function in drivers/pci/endpoint/functions/pci-epf-mhi.c. A local user can perform a denial of service (DoS) attack.

49) Double free (CVE-ID: CVE-2024-56704)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the xen_9pfs_front_free() function in net/9p/trans_xen.c. A local user can perform a denial of service (DoS) attack.

50) Input validation error (CVE-ID: CVE-2024-56707)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the otx2_dmacflt_do_add() and otx2_dmacflt_update() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c. A local user can perform a denial of service (DoS) attack.

51) Resource management error (CVE-ID: CVE-2024-56723)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.

52) Resource management error (CVE-ID: CVE-2024-56724)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bxt_wcove_tmu_irq_handler() and bxt_wcove_tmu_probe() functions in drivers/platform/x86/intel/bxtwc_tmu.c, within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.

53) Input validation error (CVE-ID: CVE-2024-56725)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the otx2_config_priority_flow_ctrl() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c. A local user can perform a denial of service (DoS) attack.

54) Input validation error (CVE-ID: CVE-2024-56727)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the otx2_alloc_mcam_entries() and otx2_mcam_entry_init() functions in drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c. A local user can perform a denial of service (DoS) attack.

55) Memory leak (CVE-ID: CVE-2024-56746)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sh7760fb_alloc_mem() function in drivers/video/fbdev/sh7760fb.c. A local user can perform a denial of service (DoS) attack.

56) Improper locking (CVE-ID: CVE-2024-56751)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ip6_dst_ifdown(), DEFINE_SPINLOCK() and rt6_remove_exception() functions in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

57) Input validation error (CVE-ID: CVE-2024-56754)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the caam_qi_init() function in drivers/crypto/caam/qi.c. A local user can perform a denial of service (DoS) attack.

58) NULL pointer dereference (CVE-ID: CVE-2024-56774)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can perform a denial of service (DoS) attack.

59) Input validation error (CVE-ID: CVE-2024-56783)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nft_socket_cgroup_subtree_level() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

60) Resource management error (CVE-ID: CVE-2024-56785)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the arch/mips/boot/dts/loongson/ls7a-pch.dtsi. A local user can perform a denial of service (DoS) attack.

61) Improper error handling (CVE-ID: CVE-2024-57838)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch_init_kprobes() function in arch/s390/kernel/kprobes.c, within the SYM_CODE_START() function in arch/s390/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

62) Improper locking (CVE-ID: CVE-2024-57876)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drm_dp_mst_topology_mgr_set_mst(), EXPORT_SYMBOL(), update_msg_rx_state() and drm_dp_mst_hpd_irq_handle_event() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.

63) Integer overflow (CVE-ID: CVE-2024-57899)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the ieee80211_mbss_info_change_notify() function in net/mac80211/mesh.c. A local user can execute arbitrary code.

64) NULL pointer dereference (CVE-ID: CVE-2024-57981)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

65) Resource management error (CVE-ID: CVE-2024-58001)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ocfs2_fast_symlink_read_folio() function in fs/ocfs2/symlink.c. A local user can perform a denial of service (DoS) attack.

66) Improper locking (CVE-ID: CVE-2024-58070)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bpf_local_storage_map_alloc() function in kernel/bpf/bpf_local_storage.c. A local user can perform a denial of service (DoS) attack.

67) Use-after-free (CVE-ID: CVE-2025-21729)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtw89_ops_cancel_hw_scan() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can escalate privileges on the system.

68) Use-after-free (CVE-ID: CVE-2025-21732)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx5_ib_invalidate_range() function in drivers/infiniband/hw/mlx5/odp.c, within the mlx5_revoke_mr() function in drivers/infiniband/hw/mlx5/mr.c. A local user can escalate privileges on the system.

69) Integer overflow (CVE-ID: CVE-2025-21736)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the nilfs_fiemap() function in fs/nilfs2/inode.c. A local user can execute arbitrary code.

70) Out-of-bounds read (CVE-ID: CVE-2025-21743)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ipheth_rcvbulk_callback_ncm() function in drivers/net/usb/ipheth.c. A local user can perform a denial of service (DoS) attack.

71) Improper locking (CVE-ID: CVE-2025-21767)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the clocksource_verify_percpu() function in kernel/time/clocksource.c. A local user can perform a denial of service (DoS) attack.

72) NULL pointer dereference (CVE-ID: CVE-2025-21776)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hub_probe() function in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.

73) Out-of-bounds read (CVE-ID: CVE-2025-21782)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the orangefs_debug_write() function in fs/orangefs/orangefs-debugfs.c. A local user can perform a denial of service (DoS) attack.

74) NULL pointer dereference (CVE-ID: CVE-2025-21783)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gpiochip_get_ngpios() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

75) Out-of-bounds read (CVE-ID: CVE-2025-21789)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_csum() function in arch/loongarch/lib/csum.c. A local user can perform a denial of service (DoS) attack.

76) Input validation error (CVE-ID: CVE-2025-21795)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nfsd4_run_cb_work() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.

77) Use-after-free (CVE-ID: CVE-2025-21796)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_acl_release() function in fs/nfsd/nfs3acl.c, within the posix_acl_release() function in fs/nfsd/nfs2acl.c. A local user can escalate privileges on the system.

78) NULL pointer dereference (CVE-ID: CVE-2025-21814)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ptp_getcycles64() and ptp_clock_register() functions in drivers/ptp/ptp_clock.c. A local user can perform a denial of service (DoS) attack.

79) Use-after-free (CVE-ID: CVE-2025-21817)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the queue_attr_store() function in block/blk-sysfs.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1286

Vulnerable Software

openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-82.0.0.86
python3-perf: before 6.6.0-82.0.0.86
perf-debuginfo: before 6.6.0-82.0.0.86
perf: before 6.6.0-82.0.0.86
kernel-tools-devel: before 6.6.0-82.0.0.86
kernel-tools-debuginfo: before 6.6.0-82.0.0.86
kernel-tools: before 6.6.0-82.0.0.86
kernel-source: before 6.6.0-82.0.0.86
kernel-headers: before 6.6.0-82.0.0.86
kernel-devel: before 6.6.0-82.0.0.86
kernel-debugsource: before 6.6.0-82.0.0.86
kernel-debuginfo: before 6.6.0-82.0.0.86
bpftool-debuginfo: before 6.6.0-82.0.0.86
bpftool: before 6.6.0-82.0.0.86
kernel: before 6.6.0-82.0.0.86

SB2025031474 - openEuler 24.03 LTS SP1 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human