SB2025120578 - openEuler 22.03 LTS SP4 update for kernel
Published: December 5, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 20 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2021-47653)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the MODULE_ALIAS(), vpif_channel_getfid() and vpif_probe() functions in drivers/media/platform/davinci/vpif.c. A local user can perform a denial of service (DoS) attack.
2) Buffer overflow (CVE-ID: CVE-2022-49267)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error caused by usage of sprintf() function in drivers/mmc/core/bus.c, drivers/mmc/core/sdio.c, drivers/mmc/core/sdio_bus.c, drivers/mmc/core/sd.c, and drivers/mmc/core/mmc.c files. A local user can trigger memory corruption and execute arbitrary code on the target system.
3) Use-after-free (CVE-ID: CVE-2022-49470)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btmtksdio_recv_event() function in drivers/bluetooth/btmtksdio.c. A local user can escalate privileges on the system.
4) Input validation error (CVE-ID: CVE-2023-53510)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ufshcd_queuecommand(), ufshcd_exec_dev_cmd(), ufshcd_release_scsi_cmd(), ufshcd_issue_devman_upiu_cmd() and ufshcd_advanced_rpmb_req_handler() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
5) Out-of-bounds read (CVE-ID: CVE-2024-58007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qcom_socinfo_probe() function in drivers/soc/qcom/socinfo.c. A local user can perform a denial of service (DoS) attack.
6) Input validation error (CVE-ID: CVE-2024-58095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the extAlloc() and extRecord() functions in fs/jfs/jfs_extent.c. A local user can perform a denial of service (DoS) attack.
7) Use-after-free (CVE-ID: CVE-2025-21693)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zswap_pool_create(), zswap_cpu_comp_prepare(), zswap_cpu_comp_dead(), zswap_compress() and zswap_decompress() functions in mm/zswap.c. A local user can escalate privileges on the system.
8) Use-after-free (CVE-ID: CVE-2025-21945)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the list_del() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
9) Use-after-free (CVE-ID: CVE-2025-37786)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dsa_tree_teardown_lags(), dsa_tree_setup(), dsa_tree_teardown_switches() and dsa_tree_teardown() functions in net/dsa/dsa.c. A local user can escalate privileges on the system.
10) Use-after-free (CVE-ID: CVE-2025-37899)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the smb2_session_logoff() function in fs/smb/server/smb2pdu.c. A remote attacker can send specially crafted data to the SMB client during session logoff and compromise the affected system.
11) NULL pointer dereference (CVE-ID: CVE-2025-37994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_displayport_remove_partner() function in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
12) Improper locking (CVE-ID: CVE-2025-37997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/netfilter/ipset/ip_set_hash_gen.h. A local user can perform a denial of service (DoS) attack.
13) Improper locking (CVE-ID: CVE-2025-38084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_vma() function in mm/vma.c, within the hugetlb_vma_lock_free(), hugetlb_vm_op_split(), move_hugetlb_state() and hugetlb_unshare_pmds() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2025-38477)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qfq_change_class(), qfq_delete_class(), qfq_dump_class() and qfq_dump_class_stats() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
15) Buffer overflow (CVE-ID: CVE-2025-39817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efivarfs_d_compare() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
16) Use-after-free (CVE-ID: CVE-2025-39994)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xc5000_release() function in drivers/media/tuners/xc5000.c. A local user can escalate privileges on the system.
17) Use of uninitialized resource (CVE-ID: CVE-2025-40049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the fs/squashfs/squashfs_fs_i.h. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2025-40149)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_device_queue_ctx_destruction() function in net/tls/tls_device.c. A local user can escalate privileges on the system.
19) Input validation error (CVE-ID: CVE-2025-40170)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sk_clone_lock(), sk_dst_gso_max_size() and sk_setup_caps() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
20) Resource management error (CVE-ID: CVE-2025-40204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.