openEuler 24.03 LTS SP1 update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 37
CVE-ID: CVE-2024-53174, CVE-2024-53680, CVE-2024-56635, CVE-2024-56694, CVE-2024-57924, CVE-2024-57951, CVE-2024-57980, CVE-2024-58005, CVE-2024-58020, CVE-2024-58055, CVE-2024-58077, CVE-2024-58078, CVE-2025-21673, CVE-2025-21674, CVE-2025-21680, CVE-2025-21681, CVE-2025-21683, CVE-2025-21691, CVE-2025-21718, CVE-2025-21722, CVE-2025-21734, CVE-2025-21738, CVE-2025-21754, CVE-2025-21756, CVE-2025-21785, CVE-2025-21787, CVE-2025-21791, CVE-2025-21816, CVE-2025-21820, CVE-2025-21823, CVE-2025-21832, CVE-2025-21844, CVE-2025-21846, CVE-2025-21856, CVE-2025-21863, CVE-2025-21887, CVE-2025-21889
CWE-ID: CWE-416, CWE-476, CWE-667, CWE-617, CWE-399, CWE-415, CWE-20, CWE-125, CWE-401, CWE-119, CWE-682
Exploitation vector: Local
Public exploit: N/A
Vulnerable software

Operating systems & Components / Operating system:
openEuler

Operating systems & Components / Operating system package or component:
python3-perf-debuginfo, python3-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-headers, kernel-devel, kernel-debugsource, kernel-debuginfo, bpftool-debuginfo, bpftool, kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 37 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU102057

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53174

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the c_show() function in net/sunrpc/cache.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU102928

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53680

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ip_vs_protocol_net_cleanup() and ip_vs_protocol_init() functions in net/netfilter/ipvs/ip_vs_proto.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU102026

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56635

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the default_operstate() function in net/core/link_watch.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU102157

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56694

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sk_psock_strp_data_ready() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Reachable assertion

EUVDB-ID: #VU103038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57924

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c and within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU103921

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57951

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the hrtimers_prepare_cpu() and hrtimers_cpu_dying() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU104971

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57980

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uvc_status_init() function in drivers/media/usb/uvc/uvc_status.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU105072

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58005

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tpm_is_tpm2_log() and tpm_read_log_acpi() functions in drivers/char/tpm/eventlog/acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU105003

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58020

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mt_input_configured() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Double free

EUVDB-ID: #VU105417

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58055

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the usbg_cmd_work() and bot_cmd_work() functions in drivers/usb/gadget/function/f_tcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU105430

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58077

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the _soc_pcm_ret(), __soc_pcm_prepare(), soc_pcm_prepare(), dpcm_be_dai_prepare() and dpcm_set_fe_update_state() functions in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU105423

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58078

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the DEFINE_MUTEX() and misc_register() functions in drivers/char/misc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Double free

EUVDB-ID: #VU103515

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21673

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the clean_demultiplex_info() and cifs_put_tcp_session() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU103588

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21674

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_xfrm_add_state() and mlx5e_xfrm_del_state() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU103582

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21680

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_imix_entries() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper locking

EUVDB-ID: #VU103591

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21681

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_output() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU103510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21683

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the BPF_CALL_4() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU103752

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21691

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the SYSCALL_DEFINE4() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU104963

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21718

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rose_heartbeat_expiry(), rose_timer_expiry() and rose_idletimer_expiry() functions in net/rose/rose_timer.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU104962

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21722

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_clear_dirty_pages() and nilfs_clear_folio_dirty() functions in fs/nilfs2/page.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU104975

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21734

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fastrpc_get_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU105069

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21738

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ata_pio_sector() function in drivers/ata/libata-sff.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Reachable assertion

EUVDB-ID: #VU105037

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21754

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the btrfs_split_ordered_extent() function in fs/btrfs/ordered-data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU104945

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21756

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and __vsock_release() functions in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU104982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21785

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the populate_cache_leaves() function in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU105035

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21787

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the team_nl_options_set_doit() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU104952

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21791

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within include/net/l3mdev.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU105157

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21816

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the HRTIMER_ACTIVE_SOFT(), DEFINE_PER_CPU(), hrtimer_base_is_online(), lock_hrtimer_base(), raw_spin_unlock(), WRITE_ONCE(), hrtimer_is_hres_enabled() and __hrtimer_start_range_ns() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper locking

EUVDB-ID: #VU105148

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21820

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cdns_uart_handle_rx(), cdns_uart_isr() and cdns_uart_console_write() functions in drivers/tty/serial/xilinx_uartps.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU105149

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21823

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_v_elp_start_timer(), batadv_v_elp_get_throughput(), batadv_v_elp_throughput_metric_update(), batadv_v_elp_wifi_neigh_probe() and batadv_v_elp_periodic_work() functions in net/batman-adv/bat_v_elp.c, and within the batadv_v_hardif_neigh_init() function in net/batman-adv/bat_v.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Incorrect calculation

EUVDB-ID: #VU105429

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21832

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the blkdev_read_iter() function in block/fops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU105659

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21844

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU105660

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21846

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the do_acct_process(), acct_pin_kill(), close_work(), encode_float() and fill_ac() functions in kernel/acct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU105653

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21856

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ism_dev_release(), ism_probe(), device_del() and ism_remove() functions in drivers/s390/net/ism_drv.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU105676

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21863

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the io_init_req() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU106110

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21887

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovl_link_up() function in fs/overlayfs/copy_up.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU106120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21889

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the perf_event_exec() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-85.0.0.90

python3-perf: before 6.6.0-85.0.0.90

perf-debuginfo: before 6.6.0-85.0.0.90

perf: before 6.6.0-85.0.0.90

kernel-tools-devel: before 6.6.0-85.0.0.90

kernel-tools-debuginfo: before 6.6.0-85.0.0.90

kernel-tools: before 6.6.0-85.0.0.90

kernel-source: before 6.6.0-85.0.0.90

kernel-headers: before 6.6.0-85.0.0.90

kernel-devel: before 6.6.0-85.0.0.90

kernel-debugsource: before 6.6.0-85.0.0.90

kernel-debuginfo: before 6.6.0-85.0.0.90

bpftool-debuginfo: before 6.6.0-85.0.0.90

bpftool: before 6.6.0-85.0.0.90

kernel: before 6.6.0-85.0.0.90

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1372


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


