openEuler 24.03 LTS update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 31
CVE-ID CVE-2024-36476
CVE-2024-56778
CVE-2024-57802
CVE-2024-57834
CVE-2024-57883
CVE-2024-57884
CVE-2024-57885
CVE-2024-57890
CVE-2024-57894
CVE-2024-57897
CVE-2024-57901
CVE-2024-57902
CVE-2024-57903
CVE-2024-57913
CVE-2024-57938
CVE-2024-57945
CVE-2024-58069
CVE-2024-58080
CVE-2024-58087
CVE-2025-21629
CVE-2025-21639
CVE-2025-21642
CVE-2025-21646
CVE-2025-21654
CVE-2025-21655
CVE-2025-21660
CVE-2025-21662
CVE-2025-21663
CVE-2025-21664
CVE-2025-21719
CVE-2025-21750
CWE-ID CWE-476
CWE-908
CWE-401
CWE-416
CWE-190
CWE-667
CWE-388
CWE-399
CWE-125
CWE-617
CWE-682
CWE-119
CWE-362
CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 31 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU102920

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36476

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the send_io_resp_imm() function in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU102486

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56778

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sti_hqvdp_atomic_check() function in drivers/gpu/drm/sti/sti_hqvdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of uninitialized resource

EUVDB-ID: #VU102960

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57802

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nr_route_frame() function in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU105002

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57834

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vidtv_start_streaming() and vidtv_stop_streaming() functions in drivers/media/test-drivers/vidtv/vidtv_bridge.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU102893

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57883

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the huge_pmd_share() and huge_pmd_unshare() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU102909

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zone_reclaimable_pages() function in mm/vmscan.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU102894

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57885

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the print_unreferenced() function in mm/kmemleak.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU102963

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57890

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the uverbs_request_next_ptr(), ib_uverbs_post_send() and ib_uverbs_unmarshall_recv() functions in drivers/infiniband/core/uverbs_cmd.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU102933

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sco_connect_ind() and sco_connect_cfm() functions in net/bluetooth/sco.c, within the rfcomm_run() and rfcomm_security_cfm() functions in net/bluetooth/rfcomm/core.c, within the l2cap_global_fixed_chan(), l2cap_connect_cfm() and l2cap_disconn_ind() functions in net/bluetooth/l2cap_core.c, within the iso_match() function in net/bluetooth/iso.c, within the DEFINE_RWLOCK(), hci_register_cb() and hci_unregister_cb() functions in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU102932

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57897

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the svm_migrate_copy_to_vram() and svm_migrate_copy_to_ram() functions in drivers/gpu/drm/amd/amdkfd/kfd_migrate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper error handling

EUVDB-ID: #VU102954

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57901

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vlan_get_tci() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper error handling

EUVDB-ID: #VU102956

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57902

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the packet_current_frame() and vlan_get_tci() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU102931

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57903

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sk_setsockopt() function in net/core/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU103049

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57913

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the functionfs_bind() function in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Integer overflow

EUVDB-ID: #VU103133

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57938

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the sctp_association_init() function in net/sctp/associola.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU103119

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57945

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL(), setup_bootmem() and setup_vm() functions in arch/riscv/mm/init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU105395

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58069

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the pcf85063_nvmem_read() function in drivers/rtc/rtc-pcf85063.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU105399

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58080

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/dispcc-sm6350.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU105671

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58087

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_session_id(), smb2_check_user_session(), smb2_sess_setup(), smb2_session_logoff() and smb3_decrypt_req() functions in fs/ksmbd/smb2pdu.c, within the ksmbd_session_lookup() and ksmbd_session_lookup_slowpath() functions in fs/ksmbd/mgmt/user_session.c, within the ksmbd_get_encryption_key() function in fs/ksmbd/auth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU102981

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21629

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the skb_csum_hwoffload_help() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU103026

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21639

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() and proc_sctp_do_rto_min() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU103029

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21642

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mptcp_pernet_set_defaults(), mptcp_set_scheduler() and proc_scheduler() functions in net/mptcp/ctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Resource management error

EUVDB-ID: #VU103051

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21646

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the afs_deliver_yfsvl_get_cell_name() function in fs/afs/vlclient.c, within the afs_vl_get_cell_name() and yfs_check_canonical_cell_name() functions in fs/afs/vl_alias.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Reachable assertion

EUVDB-ID: #VU103039

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21654

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the ovl_connect_layer(), ovl_check_encode_origin(), ovl_dentry_to_fid() and ovl_encode_fh() functions in fs/overlayfs/export.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Incorrect calculation

EUVDB-ID: #VU103087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21655

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the io_queue_deferred() and io_eventfd_ops() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU103138

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21660

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ksmbd_vfs_kern_path_locked() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper locking

EUVDB-ID: #VU103129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21662

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cmd_work_handler() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU103130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21663

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the MAC_SBD_INTR BIT(), tegra_mgbe_resume() and tegra_mgbe_probe() functions in drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU103120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21664

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_first_thin() function in drivers/md/dm-thin.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Race condition

EUVDB-ID: #VU105081

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21719

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Input validation error

EUVDB-ID: #VU105033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21750

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the brcmf_of_probe() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-83.0.0.77

python3-perf: before 6.6.0-83.0.0.77

perf-debuginfo: before 6.6.0-83.0.0.77

perf: before 6.6.0-83.0.0.77

kernel-tools-devel: before 6.6.0-83.0.0.77

kernel-tools-debuginfo: before 6.6.0-83.0.0.77

kernel-tools: before 6.6.0-83.0.0.77

kernel-source: before 6.6.0-83.0.0.77

kernel-headers: before 6.6.0-83.0.0.77

kernel-devel: before 6.6.0-83.0.0.77

kernel-debugsource: before 6.6.0-83.0.0.77

kernel-debuginfo: before 6.6.0-83.0.0.77

bpftool-debuginfo: before 6.6.0-83.0.0.77

bpftool: before 6.6.0-83.0.0.77

kernel: before 6.6.0-83.0.0.77

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###