SB2026012358 - openEuler 24.03 LTS SP2 update for kernel

Main Vulnerability Database SB2026012358

SB2026012358 - openEuler 24.03 LTS SP2 update for kernel

Published: January 23, 2026

Security Bulletin ID SB2026012358

Severity

Low

Patch available

YES

Number of vulnerabilities 8

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2024-58241)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_dev_close_sync() function in net/bluetooth/hci_sync.c. A local user can perform a denial of service (DoS) attack.

2) Improper error handling (CVE-ID: CVE-2025-37928)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.

3) Race condition (CVE-ID: CVE-2025-37985)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can escalate privileges on the system.

4) Input validation error (CVE-ID: CVE-2025-38008)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the kvm_xen_vcpu_set_attr() function in arch/x86/kvm/xen.c. A local user can perform a denial of service (DoS) attack.

5) Input validation error (CVE-ID: CVE-2025-38436)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drm_sched_entity_kill_jobs_work() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2025-39673)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ppp_fill_forward_path(), ppp_unregister_channel(), ppp_connect_channel() and ppp_disconnect_channel() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

7) Memory leak (CVE-ID: CVE-2025-39835)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the xfs_da_read_buf() function in fs/xfs/libxfs/xfs_da_btree.c. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2025-39925)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the j1939_sk_netdev_event_netdown() function in net/can/j1939/socket.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1230

Vulnerable Software

openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-135.0.0.129
python3-perf: before 6.6.0-135.0.0.129
perf-debuginfo: before 6.6.0-135.0.0.129
perf: before 6.6.0-135.0.0.129
kernel-tools-devel: before 6.6.0-135.0.0.129
kernel-tools-debuginfo: before 6.6.0-135.0.0.129
kernel-tools: before 6.6.0-135.0.0.129
kernel-source: before 6.6.0-135.0.0.129
kernel-headers: before 6.6.0-135.0.0.129
kernel-extra-modules: before 6.6.0-135.0.0.129
kernel-devel: before 6.6.0-135.0.0.129
kernel-debugsource: before 6.6.0-135.0.0.129
kernel-debuginfo: before 6.6.0-135.0.0.129
bpftool-debuginfo: before 6.6.0-135.0.0.129
bpftool: before 6.6.0-135.0.0.129
kernel: before 6.6.0-135.0.0.129