Anolis OS update for fence-agents
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-27516 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Anolis OS Operating systems & Components / Operating system fence-agents-wti Operating systems & Components / Operating system package or component fence-agents-vmware-soap Operating systems & Components / Operating system package or component fence-agents-vmware-rest Operating systems & Components / Operating system package or component fence-agents-virsh Operating systems & Components / Operating system package or component fence-agents-scsi Operating systems & Components / Operating system package or component fence-agents-sbd Operating systems & Components / Operating system package or component fence-agents-rsb Operating systems & Components / Operating system package or component fence-agents-rsa Operating systems & Components / Operating system package or component fence-agents-rhevm Operating systems & Components / Operating system package or component fence-agents-mpath Operating systems & Components / Operating system package or component fence-agents-lpar Operating systems & Components / Operating system package or component fence-agents-ipmilan Operating systems & Components / Operating system package or component fence-agents-ipdu Operating systems & Components / Operating system package or component fence-agents-intelmodular Operating systems & Components / Operating system package or component fence-agents-ilo2 Operating systems & Components / Operating system package or component fence-agents-ilo-ssh Operating systems & Components / Operating system package or component fence-agents-ilo-mp Operating systems & Components / Operating system package or component fence-agents-ilo-moonshot Operating systems & Components / Operating system package or component fence-agents-ifmib Operating systems & Components / Operating system package or component fence-agents-ibmblade Operating systems & Components / Operating system package or component fence-agents-ibm-vpc Operating systems & Components / Operating system package or component fence-agents-ibm-powervs Operating systems & Components / Operating system package or component fence-agents-hpblade Operating systems & Components / Operating system package or component fence-agents-heuristics-ping Operating systems & Components / Operating system package or component fence-agents-eps Operating systems & Components / Operating system package or component fence-agents-emerson Operating systems & Components / Operating system package or component fence-agents-eaton-snmp Operating systems & Components / Operating system package or component fence-agents-drac5 Operating systems & Components / Operating system package or component fence-agents-common Operating systems & Components / Operating system package or component fence-agents-cisco-ucs Operating systems & Components / Operating system package or component fence-agents-cisco-mds Operating systems & Components / Operating system package or component fence-agents-brocade Operating systems & Components / Operating system package or component fence-agents-bladecenter Operating systems & Components / Operating system package or component fence-agents-apc-snmp Operating systems & Components / Operating system package or component fence-agents-apc Operating systems & Components / Operating system package or component fence-agents-amt-ws Operating systems & Components / Operating system package or component ha-cloud-support Operating systems & Components / Operating system package or component fence-virtd-tcp Operating systems & Components / Operating system package or component fence-virtd-serial Operating systems & Components / Operating system package or component fence-virtd-multicast Operating systems & Components / Operating system package or component fence-virtd-libvirt Operating systems & Components / Operating system package or component fence-virtd-cpg Operating systems & Components / Operating system package or component fence-virtd Operating systems & Components / Operating system package or component fence-virt Operating systems & Components / Operating system package or component fence-agents-gce Operating systems & Components / Operating system package or component fence-agents-azure-arm Operating systems & Components / Operating system package or component fence-agents-aws Operating systems & Components / Operating system package or component fence-agents-aliyun Operating systems & Components / Operating system package or component fence-agents-redfish Operating systems & Components / Operating system package or component fence-agents-kubevirt Operating systems & Components / Operating system package or component fence-agents-kdump Operating systems & Components / Operating system package or component fence-agents-all Operating systems & Components / Operating system package or component |
| Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU105387
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-27516
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to sandbox breakout through attr filter selecting format method. A local user can execute arbitrary code on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
fence-agents-wti: before 4.10.0-76.0.1
fence-agents-vmware-soap: before 4.10.0-76.0.1
fence-agents-vmware-rest: before 4.10.0-76.0.1
fence-agents-virsh: before 4.10.0-76.0.1
fence-agents-scsi: before 4.10.0-76.0.1
fence-agents-sbd: before 4.10.0-76.0.1
fence-agents-rsb: before 4.10.0-76.0.1
fence-agents-rsa: before 4.10.0-76.0.1
fence-agents-rhevm: before 4.10.0-76.0.1
fence-agents-mpath: before 4.10.0-76.0.1
fence-agents-lpar: before 4.10.0-76.0.1
fence-agents-ipmilan: before 4.10.0-76.0.1
fence-agents-ipdu: before 4.10.0-76.0.1
fence-agents-intelmodular: before 4.10.0-76.0.1
fence-agents-ilo2: before 4.10.0-76.0.1
fence-agents-ilo-ssh: before 4.10.0-76.0.1
fence-agents-ilo-mp: before 4.10.0-76.0.1
fence-agents-ilo-moonshot: before 4.10.0-76.0.1
fence-agents-ifmib: before 4.10.0-76.0.1
fence-agents-ibmblade: before 4.10.0-76.0.1
fence-agents-ibm-vpc: before 4.10.0-76.0.1
fence-agents-ibm-powervs: before 4.10.0-76.0.1
fence-agents-hpblade: before 4.10.0-76.0.1
fence-agents-heuristics-ping: before 4.10.0-76.0.1
fence-agents-eps: before 4.10.0-76.0.1
fence-agents-emerson: before 4.10.0-76.0.1
fence-agents-eaton-snmp: before 4.10.0-76.0.1
fence-agents-drac5: before 4.10.0-76.0.1
fence-agents-common: before 4.10.0-76.0.1
fence-agents-cisco-ucs: before 4.10.0-76.0.1
fence-agents-cisco-mds: before 4.10.0-76.0.1
fence-agents-brocade: before 4.10.0-76.0.1
fence-agents-bladecenter: before 4.10.0-76.0.1
fence-agents-apc-snmp: before 4.10.0-76.0.1
fence-agents-apc: before 4.10.0-76.0.1
fence-agents-amt-ws: before 4.10.0-76.0.1
ha-cloud-support: before 4.10.0-76.0.1
fence-virtd-tcp: before 4.10.0-76.0.1
fence-virtd-serial: before 4.10.0-76.0.1
fence-virtd-multicast: before 4.10.0-76.0.1
fence-virtd-libvirt: before 4.10.0-76.0.1
fence-virtd-cpg: before 4.10.0-76.0.1
fence-virtd: before 4.10.0-76.0.1
fence-virt: before 4.10.0-76.0.1
fence-agents-gce: before 4.10.0-76.0.1
fence-agents-azure-arm: before 4.10.0-76.0.1
fence-agents-aws: before 4.10.0-76.0.1
fence-agents-aliyun: before 4.10.0-76.0.1
fence-agents-redfish: before 4.10.0-76.0.1
fence-agents-kubevirt: before 4.10.0-76.0.1
fence-agents-kdump: before 4.10.0-76.0.1
fence-agents-all: before 4.10.0-76.0.1
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:fence-agents-wti:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-vmware-soap:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-vmware-rest:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-virsh:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-scsi:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-sbd:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-rsb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-rsa:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-rhevm:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-mpath:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-lpar:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ipmilan:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ipdu:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-intelmodular:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo2:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo-ssh:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo-mp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo-moonshot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ifmib:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ibmblade:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ibm-vpc:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ibm-powervs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-hpblade:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-heuristics-ping:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-eps:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-emerson:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-eaton-snmp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-drac5:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-common:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-cisco-ucs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-cisco-mds:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-brocade:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-bladecenter:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-apc-snmp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-apc:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-amt-ws:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:ha-cloud-support:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-tcp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-serial:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-multicast:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-libvirt:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-cpg:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virt:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-gce:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-azure-arm:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-aws:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-aliyun:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-redfish:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-kubevirt:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-kdump:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-all:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0144
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
