openEuler 20.03 LTS SP4 update for kernel



Risk: Low

Patch available: YES

Number of vulnerabilities: 24

CVE-ID: CVE-2021-47633, CVE-2022-49095, CVE-2022-49235, CVE-2022-49247, CVE-2022-49275, CVE-2022-49337, CVE-2022-49354, CVE-2022-49367, CVE-2022-49395, CVE-2022-49397, CVE-2022-49407, CVE-2022-49416, CVE-2022-49425, CVE-2022-49457, CVE-2022-49478, CVE-2022-49482, CVE-2022-49503, CVE-2022-49517, CVE-2022-49619, CVE-2022-49724, CVE-2023-53005, CVE-2023-53007, CVE-2025-21722, CVE-2025-21785

CWE-ID: CWE-125, CWE-401, CWE-908, CWE-667, CWE-416, CWE-399, CWE-476

Exploitation vector: Local

Public exploit: N/A
Vulnerable software

openEuler: Operating systems & Components / Operating system

python3-perf-debuginfo: Operating systems & Components / Operating system package or component

python3-perf: Operating systems & Components / Operating system package or component

python2-perf-debuginfo: Operating systems & Components / Operating system package or component

python2-perf: Operating systems & Components / Operating system package or component

perf-debuginfo: Operating systems & Components / Operating system package or component

perf: Operating systems & Components / Operating system package or component

kernel-tools-devel: Operating systems & Components / Operating system package or component

kernel-tools-debuginfo: Operating systems & Components / Operating system package or component

kernel-tools: Operating systems & Components / Operating system package or component

kernel-source: Operating systems & Components / Operating system package or component

kernel-devel: Operating systems & Components / Operating system package or component

kernel-debugsource: Operating systems & Components / Operating system package or component

kernel-debuginfo: Operating systems & Components / Operating system package or component

bpftool-debuginfo: Operating systems & Components / Operating system package or component

bpftool: Operating systems & Components / Operating system package or component

kernel: Operating systems & Components / Operating system package or component

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU104540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47633

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath5k_eeprom_convert_pcal_info_5111() function in drivers/net/wireless/ath/ath5k/eeprom.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU104362

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49095

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the zorro7xx_remove_one() function in drivers/scsi/zorro7xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of uninitialized resource

EUVDB-ID: #VU104767

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49235

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the htc_issue_send() and htc_connect_service() functions in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU104684

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49247

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the stk1160_uninit_isoc(), stk1160_stop_streaming() and stk1160_clear_queue() functions in drivers/media/usb/stk1160/stk1160-v4l.c, and within the stk1160_disconnect() function in drivers/media/usb/stk1160/stk1160-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU104465

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49275

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the m_can_tx_handler() function in drivers/net/can/m_can/m_can.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU104448

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49337

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the spin_lock() and user_dlm_destroy_lock() functions in fs/ocfs2/dlmfs/userdlm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU104255

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49354

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the octeon_cf_probe() function in drivers/ata/pata_octeon_cf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU104258

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49367

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mv88e6xxx_mdios_register() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU104504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49395

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_ldt_entry() function in arch/x86/um/ldt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU104269

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49397

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the qcom_qmp_phy_create() function in drivers/phy/qualcomm/phy-qcom-qmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU104506

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49407

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dlm_posix_lock(), dlm_plock_callback() and dev_write() functions in fs/dlm/plock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU104424

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49416

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_vif_use_reserved_context() function in net/mac80211/chan.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU104507

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49425

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the f2fs_drop_inmem_page() function in fs/f2fs/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU104285

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49457

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the dcscb_init() function in arch/arm/mach-versatile/dcscb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU104510

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49478

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the pvr2_hdw_create() function in drivers/media/usb/pvrusb2/pvrusb2-hdw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU104297

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49482

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mxs_saif_probe() function in sound/soc/mxs/mxs-saif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU104511

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49503

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_rx_prepare() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU104301

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49517

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mt2701_wm8960_machine_probe() function in sound/soc/mediatek/mt2701/mt2701-wm8960.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU104316

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49619

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the sfp_probe() function in drivers/net/phy/sfp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU104863

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49724

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the goldfish_tty_remove() function in drivers/tty/goldfish.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU106194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53005

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the create_hist_field() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU106225

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53007

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the init_events() function in kernel/trace/trace_output.c and within the early_trace_init() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU104962

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21722

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_clear_dirty_pages() and nilfs_clear_folio_dirty() functions in fs/nilfs2/page.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU104982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21785

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the populate_cache_leaves() function in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2504.1.0.0322

python3-perf: before 4.19.90-2504.1.0.0322

python2-perf-debuginfo: before 4.19.90-2504.1.0.0322

python2-perf: before 4.19.90-2504.1.0.0322

perf-debuginfo: before 4.19.90-2504.1.0.0322

perf: before 4.19.90-2504.1.0.0322

kernel-tools-devel: before 4.19.90-2504.1.0.0322

kernel-tools-debuginfo: before 4.19.90-2504.1.0.0322

kernel-tools: before 4.19.90-2504.1.0.0322

kernel-source: before 4.19.90-2504.1.0.0322

kernel-devel: before 4.19.90-2504.1.0.0322

kernel-debugsource: before 4.19.90-2504.1.0.0322

kernel-debuginfo: before 4.19.90-2504.1.0.0322

bpftool-debuginfo: before 4.19.90-2504.1.0.0322

bpftool: before 4.19.90-2504.1.0.0322

kernel: before 4.19.90-2504.1.0.0322

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1370


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


