SB2025120576 - openEuler 24.03 LTS SP1 update for kernel

Main Vulnerability Database SB2025120576

SB2025120576 - openEuler 24.03 LTS SP1 update for kernel

Published: December 5, 2025

Security Bulletin ID SB2025120576

Severity

Low

Patch available

YES

Number of vulnerabilities 14

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 14 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2025-21693)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zswap_pool_create(), zswap_cpu_comp_prepare(), zswap_cpu_comp_dead(), zswap_compress() and zswap_decompress() functions in mm/zswap.c. A local user can escalate privileges on the system.

2) Use-after-free (CVE-ID: CVE-2025-22020)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtsx_usb_ms_drv_remove() function in drivers/memstick/host/rtsx_usb_ms.c. A local user can escalate privileges on the system.

3) Memory leak (CVE-ID: CVE-2025-22083)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vhost_scsi_set_endpoint(), target_undepend_item() and vhost_scsi_flush() functions in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.

4) Out-of-bounds read (CVE-ID: CVE-2025-22107)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sja1105_table_delete_entry() function in drivers/net/dsa/sja1105/sja1105_static_config.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2025-23147)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i3c_master_unregister_i3c_devs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.

6) Buffer overflow (CVE-ID: CVE-2025-23159)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the venus_sfr_print() function in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.

7) NULL pointer dereference (CVE-ID: CVE-2025-37758)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pxa_ata_probe() function in drivers/ata/pata_pxa.c. A local user can perform a denial of service (DoS) attack.

8) Improper locking (CVE-ID: CVE-2025-37812)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cdns3_device_thread_irq_handler() function in drivers/usb/cdns3/cdns3-gadget.c. A local user can perform a denial of service (DoS) attack.

9) Input validation error (CVE-ID: CVE-2025-37839)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the jbd2_journal_update_sb_log_tail() function in fs/jbd2/journal.c. A local user can perform a denial of service (DoS) attack.

10) Input validation error (CVE-ID: CVE-2025-37863)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ovl_get_lowerstack() function in fs/overlayfs/super.c. A local user can perform a denial of service (DoS) attack.

11) Buffer overflow (CVE-ID: CVE-2025-37891)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the include/sound/ump_convert.h. A local user can escalate privileges on the system.

12) Improper locking (CVE-ID: CVE-2025-38234)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the find_lowest_rq() and find_lock_lowest_rq() functions in kernel/sched/rt.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2025-38349)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ep_remove() and ep_clear_and_put() functions in fs/eventpoll.c. A local user can escalate privileges on the system.

14) Resource management error (CVE-ID: CVE-2025-39785)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the hibmc_unload() and hibmc_msi_init() functions in drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2775

Vulnerable Software

openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-125.0.0.124
python3-perf: before 6.6.0-125.0.0.124
perf-debuginfo: before 6.6.0-125.0.0.124
perf: before 6.6.0-125.0.0.124
kernel-tools-devel: before 6.6.0-125.0.0.124
kernel-tools-debuginfo: before 6.6.0-125.0.0.124
kernel-tools: before 6.6.0-125.0.0.124
kernel-source: before 6.6.0-125.0.0.124
kernel-headers: before 6.6.0-125.0.0.124
kernel-devel: before 6.6.0-125.0.0.124
kernel-debugsource: before 6.6.0-125.0.0.124
kernel-debuginfo: before 6.6.0-125.0.0.124
bpftool-debuginfo: before 6.6.0-125.0.0.124
bpftool: before 6.6.0-125.0.0.124
kernel: before 6.6.0-125.0.0.124