SB2025032180 - openEuler 24.03 LTS update for kernel

Main Vulnerability Database SB2025032180

SB2025032180 - openEuler 24.03 LTS update for kernel

Published: March 21, 2025

Security Bulletin ID SB2025032180

Severity

Low

Patch available

YES

Number of vulnerabilities 31

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 31 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2024-36476)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the send_io_resp_imm() function in drivers/infiniband/ulp/rtrs/rtrs-srv.c. A local user can perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2024-56778)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sti_hqvdp_atomic_check() function in drivers/gpu/drm/sti/sti_hqvdp.c. A local user can perform a denial of service (DoS) attack.

3) Use of uninitialized resource (CVE-ID: CVE-2024-57802)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nr_route_frame() function in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

4) NULL pointer dereference (CVE-ID: CVE-2024-57834)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vidtv_start_streaming() and vidtv_stop_streaming() functions in drivers/media/test-drivers/vidtv/vidtv_bridge.c. A local user can perform a denial of service (DoS) attack.

5) Memory leak (CVE-ID: CVE-2024-57883)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the huge_pmd_share() and huge_pmd_unshare() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

6) Use-after-free (CVE-ID: CVE-2024-57884)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zone_reclaimable_pages() function in mm/vmscan.c. A local user can escalate privileges on the system.

7) Memory leak (CVE-ID: CVE-2024-57885)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the print_unreferenced() function in mm/kmemleak.c. A local user can perform a denial of service (DoS) attack.

8) Integer overflow (CVE-ID: CVE-2024-57890)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the uverbs_request_next_ptr(), ib_uverbs_post_send() and ib_uverbs_unmarshall_recv() functions in drivers/infiniband/core/uverbs_cmd.c. A local user can execute arbitrary code.

9) Improper locking (CVE-ID: CVE-2024-57894)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sco_connect_ind() and sco_connect_cfm() functions in net/bluetooth/sco.c, within the rfcomm_run() and rfcomm_security_cfm() functions in net/bluetooth/rfcomm/core.c, within the l2cap_global_fixed_chan(), l2cap_connect_cfm() and l2cap_disconn_ind() functions in net/bluetooth/l2cap_core.c, within the iso_match() function in net/bluetooth/iso.c, within the DEFINE_RWLOCK(), hci_register_cb() and hci_unregister_cb() functions in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

10) Improper locking (CVE-ID: CVE-2024-57897)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the svm_migrate_copy_to_vram() and svm_migrate_copy_to_ram() functions in drivers/gpu/drm/amd/amdkfd/kfd_migrate.c. A local user can perform a denial of service (DoS) attack.

11) Improper error handling (CVE-ID: CVE-2024-57901)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vlan_get_tci() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

12) Improper error handling (CVE-ID: CVE-2024-57902)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the packet_current_frame() and vlan_get_tci() functions in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

13) Improper locking (CVE-ID: CVE-2024-57903)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sk_setsockopt() function in net/core/sock.c. A local user can perform a denial of service (DoS) attack.

14) Resource management error (CVE-ID: CVE-2024-57913)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the functionfs_bind() function in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

15) Integer overflow (CVE-ID: CVE-2024-57938)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the sctp_association_init() function in net/sctp/associola.c. A local user can execute arbitrary code.

16) Out-of-bounds read (CVE-ID: CVE-2024-57945)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL(), setup_bootmem() and setup_vm() functions in arch/riscv/mm/init.c. A local user can perform a denial of service (DoS) attack.

17) Out-of-bounds read (CVE-ID: CVE-2024-58069)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the pcf85063_nvmem_read() function in drivers/rtc/rtc-pcf85063.c. A local user can perform a denial of service (DoS) attack.

18) NULL pointer dereference (CVE-ID: CVE-2024-58080)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the &() function in drivers/clk/qcom/dispcc-sm6350.c. A local user can perform a denial of service (DoS) attack.

19) Improper locking (CVE-ID: CVE-2024-58087)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_session_id(), smb2_check_user_session(), smb2_sess_setup(), smb2_session_logoff() and smb3_decrypt_req() functions in fs/ksmbd/smb2pdu.c, within the ksmbd_session_lookup() and ksmbd_session_lookup_slowpath() functions in fs/ksmbd/mgmt/user_session.c, within the ksmbd_get_encryption_key() function in fs/ksmbd/auth.c. A local user can perform a denial of service (DoS) attack.

20) Resource management error (CVE-ID: CVE-2025-21629)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the skb_csum_hwoffload_help() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

21) NULL pointer dereference (CVE-ID: CVE-2025-21639)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_hmac_alg() and proc_sctp_do_rto_min() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.

22) NULL pointer dereference (CVE-ID: CVE-2025-21642)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mptcp_pernet_set_defaults(), mptcp_set_scheduler() and proc_scheduler() functions in net/mptcp/ctrl.c. A local user can perform a denial of service (DoS) attack.

23) Resource management error (CVE-ID: CVE-2025-21646)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the afs_deliver_yfsvl_get_cell_name() function in fs/afs/vlclient.c, within the afs_vl_get_cell_name() and yfs_check_canonical_cell_name() functions in fs/afs/vl_alias.c. A local user can perform a denial of service (DoS) attack.

24) Reachable assertion (CVE-ID: CVE-2025-21654)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the ovl_connect_layer(), ovl_check_encode_origin(), ovl_dentry_to_fid() and ovl_encode_fh() functions in fs/overlayfs/export.c. A local user can perform a denial of service (DoS) attack.

25) Incorrect calculation (CVE-ID: CVE-2025-21655)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the io_queue_deferred() and io_eventfd_ops() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

26) Buffer overflow (CVE-ID: CVE-2025-21660)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ksmbd_vfs_kern_path_locked() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.

27) Improper locking (CVE-ID: CVE-2025-21662)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cmd_work_handler() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.

28) Improper locking (CVE-ID: CVE-2025-21663)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the MAC_SBD_INTR BIT(), tegra_mgbe_resume() and tegra_mgbe_probe() functions in drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c. A local user can perform a denial of service (DoS) attack.

29) Out-of-bounds read (CVE-ID: CVE-2025-21664)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_first_thin() function in drivers/md/dm-thin.c. A local user can perform a denial of service (DoS) attack.

30) Race condition (CVE-ID: CVE-2025-21719)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_for_each_entry() function in net/ipv4/ipmr_base.c. A local user can perform a denial of service (DoS) attack.

31) Input validation error (CVE-ID: CVE-2025-21750)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the brcmf_of_probe() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1320

Vulnerable Software

openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-83.0.0.77
python3-perf: before 6.6.0-83.0.0.77
perf-debuginfo: before 6.6.0-83.0.0.77
perf: before 6.6.0-83.0.0.77
kernel-tools-devel: before 6.6.0-83.0.0.77
kernel-tools-debuginfo: before 6.6.0-83.0.0.77
kernel-tools: before 6.6.0-83.0.0.77
kernel-source: before 6.6.0-83.0.0.77
kernel-headers: before 6.6.0-83.0.0.77
kernel-devel: before 6.6.0-83.0.0.77
kernel-debugsource: before 6.6.0-83.0.0.77
kernel-debuginfo: before 6.6.0-83.0.0.77
bpftool-debuginfo: before 6.6.0-83.0.0.77
bpftool: before 6.6.0-83.0.0.77
kernel: before 6.6.0-83.0.0.77