SB20250403106 - openEuler 24.03 LTS update for kernel
Published: April 3, 2025 Updated: July 3, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 33 secuirty vulnerabilities.
1) Reachable assertion (CVE-ID: CVE-2024-57924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_encode_real_fh() function in fs/overlayfs/copy_up.c, within the show_mark_fhandle() function in fs/notify/fdinfo.c. A local user can perform a denial of service (DoS) attack.
2) Resource management error (CVE-ID: CVE-2024-57951)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hrtimers_prepare_cpu() and hrtimers_cpu_dying() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2024-57980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_status_init() function in drivers/media/usb/uvc/uvc_status.c. A local user can escalate privileges on the system.
4) Resource management error (CVE-ID: CVE-2024-58005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tpm_is_tpm2_log() and tpm_read_log_acpi() functions in drivers/char/tpm/eventlog/acpi.c. A local user can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2024-58020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt_input_configured() function in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.
6) Double free (CVE-ID: CVE-2024-58055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the usbg_cmd_work() and bot_cmd_work() functions in drivers/usb/gadget/function/f_tcm.c. A local user can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2024-58077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the _soc_pcm_ret(), __soc_pcm_prepare(), soc_pcm_prepare(), dpcm_be_dai_prepare() and dpcm_set_fe_update_state() functions in sound/soc/soc-pcm.c. A local user can perform a denial of service (DoS) attack.
8) Resource management error (CVE-ID: CVE-2024-58078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX() and misc_register() functions in drivers/char/misc.c. A local user can perform a denial of service (DoS) attack.
9) Double free (CVE-ID: CVE-2025-21673)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the clean_demultiplex_info() and cifs_put_tcp_session() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
10) Improper locking (CVE-ID: CVE-2025-21674)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_xfrm_add_state() and mlx5e_xfrm_del_state() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2025-21680)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_imix_entries() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
12) Improper locking (CVE-ID: CVE-2025-21681)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_output() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.
13) Memory leak (CVE-ID: CVE-2025-21683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the BPF_CALL_4() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
14) Resource management error (CVE-ID: CVE-2025-21691)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the SYSCALL_DEFINE4() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
15) Use-after-free (CVE-ID: CVE-2025-21718)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rose_heartbeat_expiry(), rose_timer_expiry() and rose_idletimer_expiry() functions in net/rose/rose_timer.c. A local user can escalate privileges on the system.
16) Use-after-free (CVE-ID: CVE-2025-21722)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_clear_dirty_pages() and nilfs_clear_folio_dirty() functions in fs/nilfs2/page.c. A local user can escalate privileges on the system.
17) Out-of-bounds read (CVE-ID: CVE-2025-21734)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fastrpc_get_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.
18) Buffer overflow (CVE-ID: CVE-2025-21738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ata_pio_sector() function in drivers/ata/libata-sff.c. A local user can perform a denial of service (DoS) attack.
19) Reachable assertion (CVE-ID: CVE-2025-21754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the btrfs_split_ordered_extent() function in fs/btrfs/ordered-data.c. A local user can perform a denial of service (DoS) attack.
20) Use-after-free (CVE-ID: CVE-2025-21756)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and __vsock_release() functions in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
21) Out-of-bounds read (CVE-ID: CVE-2025-21785)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the populate_cache_leaves() function in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.
22) Input validation error (CVE-ID: CVE-2025-21787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the team_nl_options_set_doit() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2025-21791)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the include/net/l3mdev.h. A local user can escalate privileges on the system.
24) Resource management error (CVE-ID: CVE-2025-21816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the HRTIMER_ACTIVE_SOFT(), DEFINE_PER_CPU(), hrtimer_base_is_online(), lock_hrtimer_base(), raw_spin_unlock(), WRITE_ONCE(), hrtimer_is_hres_enabled() and __hrtimer_start_range_ns() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.
25) Improper locking (CVE-ID: CVE-2025-21820)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns_uart_handle_rx(), cdns_uart_isr() and cdns_uart_console_write() functions in drivers/tty/serial/xilinx_uartps.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2025-21823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_v_elp_start_timer(), batadv_v_elp_get_throughput(), batadv_v_elp_throughput_metric_update(), batadv_v_elp_wifi_neigh_probe() and batadv_v_elp_periodic_work() functions in net/batman-adv/bat_v_elp.c, within the batadv_v_hardif_neigh_init() function in net/batman-adv/bat_v.c. A local user can perform a denial of service (DoS) attack.
27) Incorrect calculation (CVE-ID: CVE-2025-21832)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the blkdev_read_iter() function in block/fops.c. A local user can perform a denial of service (DoS) attack.
28) NULL pointer dereference (CVE-ID: CVE-2025-21844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
29) NULL pointer dereference (CVE-ID: CVE-2025-21846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the do_acct_process(), acct_pin_kill(), close_work(), encode_float() and fill_ac() functions in kernel/acct.c. A local user can perform a denial of service (DoS) attack.
30) Use-after-free (CVE-ID: CVE-2025-21856)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ism_dev_release(), ism_probe(), device_del() and ism_remove() functions in drivers/s390/net/ism_drv.c. A local user can escalate privileges on the system.
31) Input validation error (CVE-ID: CVE-2025-21863)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the io_init_req() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2025-21887)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovl_link_up() function in fs/overlayfs/copy_up.c. A local user can escalate privileges on the system.
33) Improper locking (CVE-ID: CVE-2025-21889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the perf_event_exec() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.