SB2025121949 - openEuler 22.03 LTS SP3 update for kernel

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2025-22079)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __ocfs2_find_path() function in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2025-23146)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kb3930_probe() function in drivers/mfd/ene-kb3930.c. A local user can perform a denial of service (DoS) attack.

3) Input validation error (CVE-ID: CVE-2025-37839)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the jbd2_journal_update_sb_log_tail() function in fs/jbd2/journal.c. A local user can perform a denial of service (DoS) attack.

4) Out-of-bounds read (CVE-ID: CVE-2025-40322)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bit_putcs_aligned() and bit_putcs_unaligned() functions in drivers/video/fbdev/core/bitblit.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2852