SB2025032178 - openEuler 22.03 LTS SP3 update for kernel
Published: March 21, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2021-47639)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_tdp_mmu_put_root(), tdp_mmu_next_root(), kvm_tdp_mmu_wrprot_slot(), kvm_tdp_mmu_clear_dirty_slot() and kvm_tdp_mmu_zap_collapsible_sptes() functions in arch/x86/kvm/mmu/tdp_mmu.c. A local user can escalate privileges on the system.
2) Use-after-free (CVE-ID: CVE-2024-58058)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ubifs_dump_tnc() function in fs/ubifs/debug.c. A local user can escalate privileges on the system.
3) Improper locking (CVE-ID: CVE-2025-21662)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cmd_work_handler() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.