openEuler 24.03 LTS update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 59
CVE-ID: CVE-2024-47143
CVE-2024-47809
CVE-2024-48881
CVE-2024-53214
CVE-2024-56603
CVE-2024-56606
CVE-2024-56637
CVE-2024-56642
CVE-2024-56648
CVE-2024-56670
CVE-2024-56704
CVE-2024-56783
CVE-2024-56785
CVE-2024-57838
CVE-2024-57876
CVE-2024-57973
CVE-2024-57978
CVE-2024-57986
CVE-2024-57993
CVE-2024-57997
CVE-2024-57998
CVE-2024-58006
CVE-2024-58034
CVE-2024-58051
CVE-2024-58052
CVE-2024-58053
CVE-2024-58054
CVE-2024-58056
CVE-2024-58058
CVE-2024-58061
CVE-2024-58063
CVE-2024-58068
CVE-2024-58071
CVE-2024-58072
CVE-2025-21687
CVE-2025-21705
CVE-2025-21707
CVE-2025-21708
CVE-2025-21710
CVE-2025-21711
CVE-2025-21715
CVE-2025-21716
CVE-2025-21720
CVE-2025-21724
CVE-2025-21725
CVE-2025-21726
CVE-2025-21727
CVE-2025-21728
CVE-2025-21745
CVE-2025-21799
CVE-2025-21803
CVE-2025-21804
CVE-2025-21806
CVE-2025-21808
CVE-2025-21810
CVE-2025-21811
CVE-2025-21812
CVE-2025-21828
CVE-2025-21853
CWE-ID: CWE-667
CWE-476
CWE-125
CWE-416
CWE-362
CWE-415
CWE-20
CWE-399
CWE-388
CWE-190
CWE-908
CWE-617
CWE-401
CWE-682
CWE-119
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: openEuler (operating system) and the following operating system packages or components:

python3-perf-debuginfo
python3-perf
perf-debuginfo
perf
kernel-tools-devel
kernel-tools-debuginfo
kernel-tools
kernel-source
kernel-headers
kernel-devel
kernel-debugsource
kernel-debuginfo
bpftool-debuginfo
bpftool
kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 59 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU102949

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47143

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_unmap() function in kernel/dma/debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU102925

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47809

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the validate_lock_args() function in fs/dlm/lock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU102927

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-48881

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cache_set_flush() function in drivers/md/bcache/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU102092

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53214

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU102018

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56603

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the can_create() function in net/can/af_can.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU102021

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56606

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Race condition

EUVDB-ID: #VU102219

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56637

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the find_set_type() function in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU102029

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56642

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cleanup_bearer() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU102079

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56648

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fill_frame_info() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU102122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56670

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the gs_start_io() function in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Double free

EUVDB-ID: #VU102192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56704

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the xen_9pfs_front_free() function in net/9p/trans_xen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU102496

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56783

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nft_socket_cgroup_subtree_level() function in net/netfilter/nft_socket.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU102494

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56785

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error in arch/mips/boot/dts/loongson/ls7a-pch.dtsi. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper error handling

EUVDB-ID: #VU102958

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57838

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch_init_kprobes() function in arch/s390/kernel/kprobes.c and the SYM_CODE_START() function in arch/s390/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU102936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57876

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drm_dp_mst_topology_mgr_set_mst(), EXPORT_SYMBOL(), update_msg_rx_state() and drm_dp_mst_hpd_irq_handle_event() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Integer overflow

EUVDB-ID: #VU105052

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57973

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the copy_gl_to_skb_pkt() function in drivers/infiniband/hw/cxgb4/device.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU105017

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57978

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mxc_jpeg_detach_pm_domains() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU105014

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57986

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hid_apply_multiplier() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

19) Resource management error

EUVDB-ID: #VU105078

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57993

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

20) Use of uninitialized resource

EUVDB-ID: #VU105040

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57997

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the wcn36xx_probe() function in drivers/net/wireless/ath/wcn36xx/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

21) Reachable assertion

EUVDB-ID: #VU105038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57998

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the _find_opp_table(), _opp_table_find_key(), _find_key(), _find_key_exact(), _opp_table_find_key_ceil(), _find_key_ceil(), dev_pm_opp_find_freq_exact_indexed(), dev_pm_opp_find_freq_ceil_indexed(), dev_pm_opp_find_freq_floor_indexed(), dev_pm_opp_remove(), _opp_add_v1(), _opp_set_availability() and dev_pm_opp_adjust_voltage() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

22) Input validation error

EUVDB-ID: #VU105091

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58006

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dw_pcie_ep_set_bar() function in drivers/pci/controller/dwc/pcie-designware-ep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

23) Use-after-free

EUVDB-ID: #VU105133

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58034

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tegra_emc_find_node_by_ram_code() function in drivers/memory/tegra/tegra20-emc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

24) NULL pointer dereference

EUVDB-ID: #VU105410

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58051

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ipmb_probe() function in drivers/char/ipmi/ipmb_dev_int.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

25) NULL pointer dereference

EUVDB-ID: #VU105409

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58052

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the atomctrl_get_smc_sclk_range_table() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

26) Input validation error

EUVDB-ID: #VU105433

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58053

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rxrpc_abort_conn() and rxrpc_abort_calls() functions in net/rxrpc/conn_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

27) Resource management error

EUVDB-ID: #VU105419

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58054

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the max96712_probe() function in drivers/staging/media/max96712/max96712.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

28) Resource management error

EUVDB-ID: #VU105427

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58056

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the rproc_alloc() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

29) Use-after-free

EUVDB-ID: #VU105392

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58058

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ubifs_dump_tnc() function in fs/ubifs/debug.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

30) Input validation error

EUVDB-ID: #VU105434

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58061

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee80211_if_parse_active_links() function in net/mac80211/debugfs_netdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

31) Memory leak

EUVDB-ID: #VU105389

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58063

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the rtl_pci_probe() function in drivers/net/wireless/realtek/rtlwifi/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

32) NULL pointer dereference

EUVDB-ID: #VU105401

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58068

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the assert_clk_index(), dev_pm_opp_find_bw_ceil() and dev_pm_opp_find_bw_floor() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

33) Improper locking

EUVDB-ID: #VU105414

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58071

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the team_port_add() function in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

34) Use-after-free

EUVDB-ID: #VU105394

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58072

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtl_pci_get_amd_l1_patch(), _rtl_pci_find_adapter(), rtl_pci_probe(), rtl_pci_disconnect() and EXPORT_SYMBOL() functions in drivers/net/wireless/realtek/rtlwifi/pci.c, and within the MODULE_AUTHOR() and rtl_core_module_init() functions in drivers/net/wireless/realtek/rtlwifi/base.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

35) Incorrect calculation

EUVDB-ID: #VU103753

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21687

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the vfio_platform_read_mmio() and vfio_platform_write_mmio() functions in drivers/vfio/platform/vfio_platform_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

36) Improper locking

EUVDB-ID: #VU105030

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21705

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mptcp_sendmsg_fastopen() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

37) Use of uninitialized resource

EUVDB-ID: #VU105042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21707

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the mptcp_parse_option() and mptcp_get_options() functions in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU105080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21708

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the MSR_SPEED() and rtl8150_probe() functions in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU104966

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21710

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_select_window() function in net/ipv4/tcp_output.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Integer overflow

EUVDB-ID: #VU105053

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21711

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the rose_setsockopt() function in net/rose/af_rose.c. A local user can execute arbitrary code.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU104964

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21715

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dm9000_drv_remove() function in drivers/net/ethernet/davicom/dm9000.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use of uninitialized resource

EUVDB-ID: #VU105044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21716

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the vxlan_vnifilter_dump() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU105010

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21720

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in include/net/xfrm.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU104989

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21724

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iova_bitmap_offset_to_index() function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU105085

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21725

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU104961

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21726

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the padata_reorder() and invoke_padata_reorder() functions in kernel/padata.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU104960

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21727

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the padata_free_shell() function in kernel/padata.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Resource management error

EUVDB-ID: #VU105066

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21728

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bpf_send_signal_common() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Memory leak

EUVDB-ID: #VU104936

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21745

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the blkcg_fill_root_iostats() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper error handling

EUVDB-ID: #VU105152

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21799

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the am65_cpsw_nuss_remove_tx_chns() function in drivers/net/ethernet/ti/am65-cpsw-nuss.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Resource management error

EUVDB-ID: #VU105155

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21803

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the enable_gpe_wakeup() function in arch/loongarch/power/platform.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Buffer overflow

EUVDB-ID: #VU105159

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21804

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rcar_pcie_parse_outbound_ranges() function in drivers/pci/controller/pcie-rcar-ep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper error handling

EUVDB-ID: #VU105153

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21806

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU105151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21808

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dev_xdp_attach() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU105140

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21810

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the class_dev_iter_init() and class_dev_iter_next() functions in drivers/base/class.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper locking

EUVDB-ID: #VU105146

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21811

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_lookup_dirty_data_buffers() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU105134

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21812

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, the ax25_ip_xmit() function in net/ax25/ax25_ip.c, the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, and the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Input validation error

EUVDB-ID: #VU105416

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21828

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within net/mac80211/driver-ops.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Use-after-free

EUVDB-ID: #VU105651

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bpf_map_mmap() function in kernel/bpf/syscall.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS

python3-perf-debuginfo: before 6.6.0-84.0.0.78

python3-perf: before 6.6.0-84.0.0.78

perf-debuginfo: before 6.6.0-84.0.0.78

perf: before 6.6.0-84.0.0.78

kernel-tools-devel: before 6.6.0-84.0.0.78

kernel-tools-debuginfo: before 6.6.0-84.0.0.78

kernel-tools: before 6.6.0-84.0.0.78

kernel-source: before 6.6.0-84.0.0.78

kernel-headers: before 6.6.0-84.0.0.78

kernel-devel: before 6.6.0-84.0.0.78

kernel-debugsource: before 6.6.0-84.0.0.78

kernel-debuginfo: before 6.6.0-84.0.0.78

bpftool-debuginfo: before 6.6.0-84.0.0.78

bpftool: before 6.6.0-84.0.0.78

kernel: before 6.6.0-84.0.0.78

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1339


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


