SB2025123039 - openEuler 22.03 LTS SP4 update for kernel

Description

This security bulletin contains information about 15 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-49426)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the arm_smmu_alloc_shared_cd(), kfree() and arm_smmu_free_shared_cd() functions in drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c. A local user can escalate privileges on the system.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-52880)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.

3) Memory leak (CVE-ID: CVE-2023-53466)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mt7915_mcu_exit() function in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c. A local user can perform a denial of service (DoS) attack.

4) NULL pointer dereference (CVE-ID: CVE-2024-46763)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fou_from_sock(), fou_gro_receive(), fou_gro_complete() and gue_gro_receive() functions in net/ipv4/fou.c. A local user can perform a denial of service (DoS) attack.

5) Input validation error (CVE-ID: CVE-2024-47740)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_ioc_start_atomic_write(), f2fs_ioc_commit_atomic_write(), f2fs_ioc_start_volatile_write(), f2fs_ioc_release_volatile_write() and f2fs_ioc_abort_volatile_write() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

6) Incorrect calculation (CVE-ID: CVE-2024-53138)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the tx_sync_info_get(), mlx5e_ktls_tx_handle_resync_dump_comp() and mlx5e_ktls_tx_handle_ooo() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_tx.c. A local user can perform a denial of service (DoS) attack.

7) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-53241)

The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to implemented mitigations for hardware vulnerabilities related to Xen hypercall page implementation the guest OS is relying on to work might not be fully functional, resulting in e.g. guest user processes being able to read data they ought not have access to.

8) NULL pointer dereference (CVE-ID: CVE-2025-21744)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcmf_txfinalize() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can perform a denial of service (DoS) attack.

9) Improper error handling (CVE-ID: CVE-2025-21806)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.

10) Improper locking (CVE-ID: CVE-2025-21820)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cdns_uart_handle_rx(), cdns_uart_isr() and cdns_uart_console_write() functions in drivers/tty/serial/xilinx_uartps.c. A local user can perform a denial of service (DoS) attack.

11) Memory leak (CVE-ID: CVE-2025-37807)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the htab_is_percpu() and htab_percpu_map_gen_lookup() functions in kernel/bpf/hashtab.c. A local user can perform a denial of service (DoS) attack.

12) Race condition (CVE-ID: CVE-2025-38561)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to a race condition within the smb2_sess_setup() function in fs/smb/server/smb2pdu.c when handling the Preauth_HashValue field. A remote user can execute arbitrary code in the context of the kernel.

13) Resource management error (CVE-ID: CVE-2025-39756)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the alloc_fdtable() function in fs/file.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2025-39901)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i40e_dbg_find_vsi(), i40e_dbg_command_write() and i40e_dbg_netdev_ops_write() functions in drivers/net/ethernet/intel/i40e/i40e_debugfs.c. A local user can escalate privileges on the system.

15) Use-after-free (CVE-ID: CVE-2025-40211)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the acpi_video_bus_remove_notify_handler() function in drivers/acpi/acpi_video.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2887