SB2025121263 - openEuler 24.03 LTS SP1 update for kernel
Published: December 12, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 67 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2024-53131)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __nilfs_get_page_block() function in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2024-57887)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adv7533_parse_dt() function in drivers/gpu/drm/bridge/adv7511/adv7533.c, within the adv7511_probe(), i2c_unregister_device() and adv7511_remove() functions in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can escalate privileges on the system.
3) Use-after-free (CVE-ID: CVE-2024-57900)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX() and ila_add_mapping() functions in net/ipv6/ila/ila_xlat.c. A local user can escalate privileges on the system.
4) Input validation error (CVE-ID: CVE-2024-58095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the extAlloc() and extRecord() functions in fs/jfs/jfs_extent.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2025-21945)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the list_del() function in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
6) Use-after-free (CVE-ID: CVE-2025-21968)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_destroy() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
7) Improper locking (CVE-ID: CVE-2025-22022)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/usb/host/xhci.h. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2025-22025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_alloc_open_stateid() and nfsd_break_one_deleg() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
9) Buffer overflow (CVE-ID: CVE-2025-22026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfsd_show() function in fs/nfsd/stats.c, within the nfsd_net_init() function in fs/nfsd/nfsctl.c. A local user can perform a denial of service (DoS) attack.
10) Out-of-bounds read (CVE-ID: CVE-2025-22039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb_inherit_dacl() and smb_check_perm_dacl() functions in fs/smb/server/smbacl.c. A local user can perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2025-22042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_lease_state() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2025-22043)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_durable_handle_context() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
13) Out-of-bounds read (CVE-ID: CVE-2025-23133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath11k_reg_notifier(), ath11k_regd_update() and ath11k_regd_update_work() functions in drivers/net/wireless/ath/ath11k/reg.c. A local user can perform a denial of service (DoS) attack.
14) Buffer overflow (CVE-ID: CVE-2025-37822)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch_uprobe_copy_ixol() function in arch/riscv/kernel/probes/uprobes.c. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2025-37861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpi3mr_process_factsdata(), mpi3mr_process_admin_reply_q(), mpi3mr_process_op_reply_q(), mpi3mr_check_op_admin_proc() and mpi3mr_soft_reset_handler() functions in drivers/scsi/mpi3mr/mpi3mr_fw.c. A local user can perform a denial of service (DoS) attack.
16) Use-after-free (CVE-ID: CVE-2025-37899)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the smb2_session_logoff() function in fs/smb/server/smb2pdu.c. A remote attacker can send specially crafted data to the SMB client during session logoff and compromise the affected system.
17) Buffer overflow (CVE-ID: CVE-2025-37973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cfg80211_defrag_mle() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
18) NULL pointer dereference (CVE-ID: CVE-2025-37994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_displayport_remove_partner() function in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
19) Improper locking (CVE-ID: CVE-2025-37997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/netfilter/ipset/ip_set_hash_gen.h. A local user can perform a denial of service (DoS) attack.
20) Improper locking (CVE-ID: CVE-2025-38005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the udma_check_tx_completion() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
21) Incorrect calculation (CVE-ID: CVE-2025-38058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __legitimize_mnt() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
22) Use-after-free (CVE-ID: CVE-2025-38071)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
23) Use-after-free (CVE-ID: CVE-2025-38109)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_eswitch_enable_pf_vf_vports() and mlx5_eswitch_disable_pf_vf_vports() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can escalate privileges on the system.
24) NULL pointer dereference (CVE-ID: CVE-2025-38231)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd_startup_net() function in fs/nfsd/nfssvc.c. A local user can perform a denial of service (DoS) attack.
25) Improper locking (CVE-ID: CVE-2025-38282)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernfs_should_drain_open_files() function in fs/kernfs/file.c, within the kernfs_break_active_protection() function in fs/kernfs/dir.c. A local user can perform a denial of service (DoS) attack.
26) Use-after-free (CVE-ID: CVE-2025-38350)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_alloc_handle() and qdisc_tree_reduce_backlog() functions in net/sched/sch_api.c. A local user can escalate privileges on the system.
27) NULL pointer dereference (CVE-ID: CVE-2025-38361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dce110_blank_stream() function in drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c. A local user can perform a denial of service (DoS) attack.
28) Use-after-free (CVE-ID: CVE-2025-38443)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_start_device() and set_bit() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
29) Improper error handling (CVE-ID: CVE-2025-38457)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qdisc_leaf(), tc_get_qdisc() and NL_SET_ERR_MSG() functions in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
30) Memory leak (CVE-ID: CVE-2025-38470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __vlan_device_event() and vlan_device_event() functions in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2025-38477)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qfq_change_class(), qfq_delete_class(), qfq_dump_class() and qfq_dump_class_stats() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
32) Use-after-free (CVE-ID: CVE-2025-38527)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.
33) Resource management error (CVE-ID: CVE-2025-38566)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.
34) Infinite loop (CVE-ID: CVE-2025-38588)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rt6_nh_nlmsg_size() function in net/ipv6/route.c, within the WRITE_ONCE() and fib6_del_route() functions in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
35) Infinite loop (CVE-ID: CVE-2025-38614)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the ep_poll() and ep_loop_check_proc() functions in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.
36) Improper locking (CVE-ID: CVE-2025-38617)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the packet_set_ring() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
37) Out-of-bounds read (CVE-ID: CVE-2025-38636)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kernel/trace/rv/rv_trace.h. A local user can perform a denial of service (DoS) attack.
38) NULL pointer dereference (CVE-ID: CVE-2025-38664)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_copy_and_init_pkg() function in drivers/net/ethernet/intel/ice/ice_ddp.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2025-38706)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_soc_remove_pcm_runtime() function in sound/soc/soc-core.c. A local user can perform a denial of service (DoS) attack.
40) Improper locking (CVE-ID: CVE-2025-38727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netlink_attachskb() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
41) NULL pointer dereference (CVE-ID: CVE-2025-39675)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_create_session() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
42) Integer underflow (CVE-ID: CVE-2025-39677)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_load_priomap() and fq_change() functions in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can execute arbitrary code.
43) Memory leak (CVE-ID: CVE-2025-39684)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the do_insnlist_ioctl() and do_insn_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
44) Improper locking (CVE-ID: CVE-2025-39697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_page_set_inode_ref(), nfs_page_group_lock() and nfs_inode_remove_request() functions in fs/nfs/write.c, within the nfs_page_group_unlock() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
45) Buffer overflow (CVE-ID: CVE-2025-39810)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the bnxt_set_xps_mapping(), bnxt_trim_dflt_sh_rings(), bnxt_set_dflt_rings() and bnxt_init_dflt_ring_mode() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can escalate privileges on the system.
46) Buffer overflow (CVE-ID: CVE-2025-39817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efivarfs_d_compare() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
47) Race condition (CVE-ID: CVE-2025-39825)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the cifs_rename2() function in fs/smb/client/inode.c. A local user can escalate privileges on the system.
48) Use-after-free (CVE-ID: CVE-2025-39866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.
49) Use-after-free (CVE-ID: CVE-2025-39881)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the of_on(), kernfs_seq_stop_active(), kernfs_seq_start(), kernfs_file_read_iter(), kernfs_fop_write_iter(), kernfs_vma_open(), kernfs_vma_fault(), kernfs_vma_page_mkwrite(), kernfs_vma_access(), kernfs_fop_mmap() and kernfs_fop_poll() functions in fs/kernfs/file.c. A local user can escalate privileges on the system.
50) Resource management error (CVE-ID: CVE-2025-39911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_vsi_request_irq_msix() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
51) NULL pointer dereference (CVE-ID: CVE-2025-39947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mlx5/driver.h. A local user can perform a denial of service (DoS) attack.
52) Use-after-free (CVE-ID: CVE-2025-39994)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xc5000_release() function in drivers/media/tuners/xc5000.c. A local user can escalate privileges on the system.
53) Use-after-free (CVE-ID: CVE-2025-39996)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the flexcop_pci_remove() function in drivers/media/pci/b2c2/flexcop-pci.c. A local user can escalate privileges on the system.
54) Resource management error (CVE-ID: CVE-2025-40016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/media/usb/uvc/uvcvideo.h. A local user can perform a denial of service (DoS) attack.
55) Use of uninitialized resource (CVE-ID: CVE-2025-40049)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the fs/squashfs/squashfs_fs_i.h. A local user can perform a denial of service (DoS) attack.
56) Use-after-free (CVE-ID: CVE-2025-40052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fill_transform_hdr(), smb2_aead_req_alloc() and crypt_message() functions in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
57) Incorrect calculation (CVE-ID: CVE-2025-40058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the drivers/iommu/intel/iommu.h. A local user can perform a denial of service (DoS) attack.
58) Use-after-free (CVE-ID: CVE-2025-40061)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_task() function in drivers/infiniband/sw/rxe/rxe_task.c. A local user can escalate privileges on the system.
59) Use-after-free (CVE-ID: CVE-2025-40074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv4_neigh_lookup() function in net/ipv4/route.c. A local user can escalate privileges on the system.
60) Improper locking (CVE-ID: CVE-2025-40075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcpm_new(), __tcp_get_metrics_req() and tcp_get_metrics() functions in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
61) Input validation error (CVE-ID: CVE-2025-40104)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/intel/ixgbevf/vf.h. A local user can perform a denial of service (DoS) attack.
62) Out-of-bounds read (CVE-ID: CVE-2025-40121)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.
63) Use-after-free (CVE-ID: CVE-2025-40135)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_autoflowlabel() and ip6_xmit() functions in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
64) Use-after-free (CVE-ID: CVE-2025-40139)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_clc_msg_hdr_valid(), smc_clc_prfx_set4_rcu() and smc_clc_prfx_set() functions in net/smc/smc_clc.c. A local user can escalate privileges on the system.
65) Use-after-free (CVE-ID: CVE-2025-40149)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_device_queue_ctx_destruction() function in net/tls/tls_device.c. A local user can escalate privileges on the system.
66) Use of uninitialized resource (CVE-ID: CVE-2025-40155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the domain_translation_struct_show() function in drivers/iommu/intel/debugfs.c. A local user can perform a denial of service (DoS) attack.
67) Use-after-free (CVE-ID: CVE-2025-40158)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_finish_output2() and ip6_finish_output() functions in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.