Main Vulnerability Database SB20250403105

SB20250403105 - openEuler 24.03 LTS SP1 update for kernel

Published: April 3, 2025 Updated: July 3, 2025

Security Bulletin ID SB20250403105

Severity

Low

Patch available

YES

Number of vulnerabilities 37

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 37 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2024-53174)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the c_show() function in net/sunrpc/cache.c. A local user can escalate privileges on the system.

2) NULL pointer dereference (CVE-ID: CVE-2024-53680)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ip_vs_protocol_net_cleanup() and ip_vs_protocol_init() functions in net/netfilter/ipvs/ip_vs_proto.c. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2024-56635)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the default_operstate() function in net/core/link_watch.c. A local user can escalate privileges on the system.

4) Improper locking (CVE-ID: CVE-2024-56694)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sk_psock_strp_data_ready() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

5) Reachable assertion (CVE-ID: CVE-2024-57924)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c, within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.

6) Resource management error (CVE-ID: CVE-2024-57951)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the hrtimers_prepare_cpu() and hrtimers_cpu_dying() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.

7) Use-after-free (CVE-ID: CVE-2024-57980)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uvc_status_init() function in drivers/media/usb/uvc/uvc_status.c. A local user can escalate privileges on the system.

8) Resource management error (CVE-ID: CVE-2024-58005)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tpm_is_tpm2_log() and tpm_read_log_acpi() functions in drivers/char/tpm/eventlog/acpi.c. A local user can perform a denial of service (DoS) attack.

9) NULL pointer dereference (CVE-ID: CVE-2024-58020)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mt_input_configured() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.

10) Double free (CVE-ID: CVE-2024-58055)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the usbg_cmd_work() and bot_cmd_work() functions in drivers/usb/gadget/function/f_tcm.c. A local user can perform a denial of service (DoS) attack.

11) Input validation error (CVE-ID: CVE-2024-58077)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the _soc_pcm_ret(), __soc_pcm_prepare(), soc_pcm_prepare(), dpcm_be_dai_prepare() and dpcm_set_fe_update_state() functions in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.

12) Resource management error (CVE-ID: CVE-2024-58078)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the DEFINE_MUTEX() and misc_register() functions in drivers/char/misc.c. A local user can perform a denial of service (DoS) attack.

13) Double free (CVE-ID: CVE-2025-21673)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the clean_demultiplex_info() and cifs_put_tcp_session() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.

14) Improper locking (CVE-ID: CVE-2025-21674)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_xfrm_add_state() and mlx5e_xfrm_del_state() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c. A local user can perform a denial of service (DoS) attack.

15) Out-of-bounds read (CVE-ID: CVE-2025-21680)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_imix_entries() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

16) Improper locking (CVE-ID: CVE-2025-21681)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_output() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.

17) Memory leak (CVE-ID: CVE-2025-21683)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the BPF_CALL_4() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

18) Resource management error (CVE-ID: CVE-2025-21691)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the SYSCALL_DEFINE4() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

19) Use-after-free (CVE-ID: CVE-2025-21718)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rose_heartbeat_expiry(), rose_timer_expiry() and rose_idletimer_expiry() functions in net/rose/rose_timer.c. A local user can escalate privileges on the system.

20) Use-after-free (CVE-ID: CVE-2025-21722)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_clear_dirty_pages() and nilfs_clear_folio_dirty() functions in fs/nilfs2/page.c. A local user can escalate privileges on the system.

21) Out-of-bounds read (CVE-ID: CVE-2025-21734)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fastrpc_get_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.

22) Buffer overflow (CVE-ID: CVE-2025-21738)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ata_pio_sector() function in drivers/ata/libata-sff.c. A local user can perform a denial of service (DoS) attack.

23) Reachable assertion (CVE-ID: CVE-2025-21754)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the btrfs_split_ordered_extent() function in fs/btrfs/ordered-data.c. A local user can perform a denial of service (DoS) attack.

24) Use-after-free (CVE-ID: CVE-2025-21756)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and __vsock_release() functions in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.

25) Out-of-bounds read (CVE-ID: CVE-2025-21785)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the populate_cache_leaves() function in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.

26) Input validation error (CVE-ID: CVE-2025-21787)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the team_nl_options_set_doit() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.

27) Use-after-free (CVE-ID: CVE-2025-21791)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the include/net/l3mdev.h. A local user can escalate privileges on the system.

28) Resource management error (CVE-ID: CVE-2025-21816)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the HRTIMER_ACTIVE_SOFT(), DEFINE_PER_CPU(), hrtimer_base_is_online(), lock_hrtimer_base(), raw_spin_unlock(), WRITE_ONCE(), hrtimer_is_hres_enabled() and __hrtimer_start_range_ns() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.

29) Improper locking (CVE-ID: CVE-2025-21820)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cdns_uart_handle_rx(), cdns_uart_isr() and cdns_uart_console_write() functions in drivers/tty/serial/xilinx_uartps.c. A local user can perform a denial of service (DoS) attack.

30) Improper locking (CVE-ID: CVE-2025-21823)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_v_elp_start_timer(), batadv_v_elp_get_throughput(), batadv_v_elp_throughput_metric_update(), batadv_v_elp_wifi_neigh_probe() and batadv_v_elp_periodic_work() functions in net/batman-adv/bat_v_elp.c, within the batadv_v_hardif_neigh_init() function in net/batman-adv/bat_v.c. A local user can perform a denial of service (DoS) attack.

31) Incorrect calculation (CVE-ID: CVE-2025-21832)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the blkdev_read_iter() function in block/fops.c. A local user can perform a denial of service (DoS) attack.

32) NULL pointer dereference (CVE-ID: CVE-2025-21844)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

33) NULL pointer dereference (CVE-ID: CVE-2025-21846)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the do_acct_process(), acct_pin_kill(), close_work(), encode_float() and fill_ac() functions in kernel/acct.c. A local user can perform a denial of service (DoS) attack.

34) Use-after-free (CVE-ID: CVE-2025-21856)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ism_dev_release(), ism_probe(), device_del() and ism_remove() functions in drivers/s390/net/ism_drv.c. A local user can escalate privileges on the system.

35) Input validation error (CVE-ID: CVE-2025-21863)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the io_init_req() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

36) Use-after-free (CVE-ID: CVE-2025-21887)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovl_link_up() function in fs/overlayfs/copy_up.c. A local user can escalate privileges on the system.

37) Improper locking (CVE-ID: CVE-2025-21889)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the perf_event_exec() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372

Vulnerable Software

openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-85.0.0.90
python3-perf: before 6.6.0-85.0.0.90
perf-debuginfo: before 6.6.0-85.0.0.90
perf: before 6.6.0-85.0.0.90
kernel-tools-devel: before 6.6.0-85.0.0.90
kernel-tools-debuginfo: before 6.6.0-85.0.0.90
kernel-tools: before 6.6.0-85.0.0.90
kernel-source: before 6.6.0-85.0.0.90
kernel-headers: before 6.6.0-85.0.0.90
kernel-devel: before 6.6.0-85.0.0.90
kernel-debugsource: before 6.6.0-85.0.0.90
kernel-debuginfo: before 6.6.0-85.0.0.90
bpftool-debuginfo: before 6.6.0-85.0.0.90
bpftool: before 6.6.0-85.0.0.90
kernel: before 6.6.0-85.0.0.90

SB20250403105 - openEuler 24.03 LTS SP1 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human