SB2025111484 - openEuler 24.03 LTS update for kernel 



Published: November 14, 2025

Security Bulletin ID: SB2025111484
Severity: Low
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Memory leak (CVE-ID: CVE-2025-22073)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the spufs_fill_dir() function in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.


2) Resource management error (CVE-ID: CVE-2025-37781)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ec_i2c_probe() function in drivers/i2c/busses/i2c-cros-ec-tunnel.c. A local user can perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2025-39772)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hibmc_load() function in drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c. A local user can perform a denial of service (DoS) attack.


4) Out-of-bounds read (CVE-ID: CVE-2025-39975)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_compound_op() function in fs/smb/client/smb2inode.c. A local user can perform a denial of service (DoS) attack.


5) Resource management error (CVE-ID: CVE-2025-40026)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the emulator_is_smm() and x86_emulate_instruction() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.


6) Use-after-free (CVE-ID: CVE-2025-40044)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.


7) Input validation error (CVE-ID: CVE-2025-40080)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nbd_get_socket() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.