SB2026013039 - openEuler 20.03 LTS SP4 update for kernel

Published: January 30, 2026

Security Bulletin ID: SB2026013039
Severity: Low
Patch available: YES
Number of vulnerabilities: 12
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 12 security vulnerabilities.


1) Improper locking (CVE-ID: CVE-2022-50816)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipip6_tunnel_bind_dev() function in net/ipv6/sit.c. A local user can perform a denial of service (DoS) attack.


2) Memory leak (CVE-ID: CVE-2022-50824)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the check_acpi_tpm2() function in drivers/char/tpm/tpm_tis.c. A local user can perform a denial of service (DoS) attack.


3) Memory leak (CVE-ID: CVE-2022-50846)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the via_sd_probe() function in drivers/mmc/host/via-sdmmc.c. A local user can perform a denial of service (DoS) attack.


4) Improper locking (CVE-ID: CVE-2022-50850)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the function in drivers/scsi/ipr.c. A local user can perform a denial of service (DoS) attack.


5) NULL pointer dereference (CVE-ID: CVE-2022-50885)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rxe_qp_do_cleanup() function in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can perform a denial of service (DoS) attack.


6) NULL pointer dereference (CVE-ID: CVE-2023-54087)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ubi_add_volume() function in drivers/mtd/ubi/vmt.c. A local user can perform a denial of service (DoS) attack.


7) Memory leak (CVE-ID: CVE-2023-54110)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the rndis_query() function in drivers/net/usb/rndis_host.c. A local user can perform a denial of service (DoS) attack.


8) Out-of-bounds read (CVE-ID: CVE-2023-54179)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qla2x00_create_host() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.


9) Race condition within a thread (CVE-ID: CVE-2023-54218)

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within include/net/sock.h. A local user can corrupt data.


10) Race condition within a thread (CVE-ID: CVE-2023-54283)

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within kernel/bpf/bpf_lru_list.h. A local user can corrupt data.


11) Memory leak (CVE-ID: CVE-2025-68241)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the fnhe_remove_oldest() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.


12) Buffer overflow (CVE-ID: CVE-2025-71093)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the e1000_tbi_should_accept() function in drivers/net/ethernet/intel/e1000/e1000_main.c. A local user can escalate privileges on the system.


Remediation

Install the update from the vendor's website.