openEuler 20.03 LTS SP4 update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 19
CVE-ID: CVE-2021-47659, CVE-2022-49053, CVE-2022-49243, CVE-2022-49292, CVE-2022-49335, CVE-2022-49350, CVE-2022-49381, CVE-2022-49388, CVE-2022-49490, CVE-2022-49508, CVE-2022-49535, CVE-2022-49603, CVE-2022-49625, CVE-2022-49678, CVE-2022-49713, CVE-2022-49720, CVE-2022-49727, CVE-2025-21687, CVE-2025-21806
CWE-ID: CWE-401, CWE-416, CWE-119, CWE-476, CWE-415, CWE-366, CWE-125, CWE-190, CWE-682, CWE-388
Exploitation vector: Local
Public exploit: N/A
Vulnerable software

openEuler (Operating systems & Components / Operating system)

The following are listed under Operating systems & Components / Operating system package or component:

python3-perf-debuginfo
python3-perf
python2-perf-debuginfo
python2-perf
perf-debuginfo
perf
kernel-tools-devel
kernel-tools-debuginfo
kernel-tools
kernel-source
kernel-devel
kernel-debugsource
kernel-debuginfo
bpftool-debuginfo
bpftool
kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 19 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU104411

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47659

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the drm_universal_plane_init() function in drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU104481

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49053

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcmu_try_get_data_page() and tcmu_vma_fault() functions in drivers/target/target_core_user.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU104230

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49243

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the at91sam9g20ek_audio_probe() function in sound/soc/atmel/sam9g20_wm8731.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU104798

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49292

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the snd_pcm_plugin_alloc() function in sound/core/oss/pcm_plugin.c, and within the snd_pcm_oss_period_size() and snd_pcm_oss_change_params_locked() functions in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU104562

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49335

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the amdgpu_cs_parser_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Double free

EUVDB-ID: #VU104732

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49350

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mdio_bus_init() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU104263

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49381

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the jffs2_free_raw_node_refs() function in fs/jffs2/fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU104430

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49388

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the spin_unlock() function in drivers/mtd/ubi/vmt.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU104587

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49490

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mdp5_plane_atomic_check_with_state() function in drivers/gpu/drm/msm/disp/mdp5/mdp5_plane.c, and within the mdp5_pipe_assign() and mdp5_pipe_release() functions in drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Double free

EUVDB-ID: #VU104737

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49508

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the elan_input_configured() function in drivers/hid/hid-elan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU104456

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49535

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_initial_flogi(), lpfc_initial_fdisc(), lpfc_cmpl_els_plogi(), lpfc_cmpl_els_prli() and lpfc_cmpl_els_adisc() functions in drivers/scsi/lpfc/lpfc_els.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Race condition within a thread

EUVDB-ID: #VU104825

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49603

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within the ip_forward() function in net/ipv4/ip_forward.c, and within the mlxsw_sp_dscp_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c. A local user can corrupt data.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU104452

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49625

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efx_ef10_try_update_nic_stats_vf() function in drivers/net/ethernet/sfc/ef10.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU104335

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49678

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the brcmstb_pm_probe() function in drivers/soc/bcm/brcmstb/pm/pm-arm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU104347

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49713

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the dwc2_hcd_init() function in drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU104523

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49720

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the blk_mq_alloc_request_hctx() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer overflow

EUVDB-ID: #VU104784

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49727

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can execute arbitrary code.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Incorrect calculation

EUVDB-ID: #VU103753

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21687

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the vfio_platform_read_mmio() and vfio_platform_write_mmio() functions in drivers/vfio/platform/vfio_platform_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU105153

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21806

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the proc_do_dev_weight() function in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.5.0.0321

python3-perf: before 4.19.90-2503.5.0.0321

python2-perf-debuginfo: before 4.19.90-2503.5.0.0321

python2-perf: before 4.19.90-2503.5.0.0321

perf-debuginfo: before 4.19.90-2503.5.0.0321

perf: before 4.19.90-2503.5.0.0321

kernel-tools-devel: before 4.19.90-2503.5.0.0321

kernel-tools-debuginfo: before 4.19.90-2503.5.0.0321

kernel-tools: before 4.19.90-2503.5.0.0321

kernel-source: before 4.19.90-2503.5.0.0321

kernel-devel: before 4.19.90-2503.5.0.0321

kernel-debugsource: before 4.19.90-2503.5.0.0321

kernel-debuginfo: before 4.19.90-2503.5.0.0321

bpftool-debuginfo: before 4.19.90-2503.5.0.0321

bpftool: before 4.19.90-2503.5.0.0321

kernel: before 4.19.90-2503.5.0.0321

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1336


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


