openEuler 20.03 LTS SP4 update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 27
CVE-ID: CVE-2021-47634, CVE-2021-47656, CVE-2022-49052, CVE-2022-49087, CVE-2022-49155, CVE-2022-49248, CVE-2022-49276, CVE-2022-49277, CVE-2022-49315, CVE-2022-49324, CVE-2022-49331, CVE-2022-49375, CVE-2022-49414, CVE-2022-49488, CVE-2022-49489, CVE-2022-49513, CVE-2022-49514, CVE-2022-49527, CVE-2022-49532, CVE-2022-49544, CVE-2022-49581, CVE-2022-49608, CVE-2022-49682, CVE-2022-49725, CVE-2022-49729, CVE-2024-58009, CVE-2025-21791
CWE-ID: CWE-416, CWE-401, CWE-667, CWE-908, CWE-476, CWE-399, CWE-119, CWE-20
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

python2-perf-debuginfo
Operating systems & Components / Operating system package or component

python2-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU104502

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47634

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vol_attribute_show() function in drivers/mtd/ubi/vmt.c and within the dev_attribute_show(), ubi_attach_mtd_dev() and uif_close() functions in drivers/mtd/ubi/build.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU104497

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jffs2_free_ino_caches() function in fs/jffs2/fs.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU104355

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49052

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the end_swap_bio_write(), end_swap_bio_read() and swap_readpage() functions in mm/page_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU104473

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49087

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rxrpc_exit_net() function in net/rxrpc/net_ns.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU104709

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49155

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qla2xxx_create_qpair() function in drivers/scsi/qla2xxx/qla_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of uninitialized resource

EUVDB-ID: #VU104768

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49248

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the fcp_avc_transaction() function in sound/firewire/fcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU104237

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49276

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the jffs2_scan_medium() function in fs/jffs2/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU104238

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49277

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the jffs2_do_mount_fs() function in fs/jffs2/build.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU104694

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49315

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtllib_beacons_stop() function in drivers/staging/rtl8192e/rtllib_softmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU104248

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49324

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mips_cpc_default_phys_base() function in arch/mips/kernel/mips-cpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU104249

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49331

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the st21nfca_connectivity_event_received() function in drivers/nfc/st21nfca/se.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU104564

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49375

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtk_rtc_probe() function in drivers/rtc/rtc-mt6397.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU104653

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49414

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_punch_hole() function in fs/ext4/inode.c and within the ext4_fallocate() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU104586

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49488

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mdp5_mixer_assign() function in drivers/gpu/drm/msm/disp/mdp5/mdp5_mixer.c and within the mdp5_crtc_setup_pipeline() function in drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU104415

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49489

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the _dpu_kms_hw_destroy() function in drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource management error

EUVDB-ID: #VU104865

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49513

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the free_policy_dbs_info(), cpufreq_dbs_governor_init() and cpufreq_dbs_governor_exit() functions in drivers/cpufreq/cpufreq_governor.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU104300

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49514

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mt8173_max98090_dev_probe() function in sound/soc/mediatek/mt8173/mt8173-max98090.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU104597

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49527

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hfi_core_deinit() function in drivers/media/platform/qcom/venus/hfi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU104599

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49532

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the virtio_gpu_conn_get_modes() function in drivers/gpu/drm/virtio/virtgpu_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU104601

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49544

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the libipw_xmit() function in drivers/net/wireless/intel/ipw2x00/libipw_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU104800

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49581

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the be_get_module_info() and be_get_module_eeprom() functions in drivers/net/ethernet/emulex/benet/be_ethtool.c, and within the be_cmd_read_port_transceiver_data(), be_cmd_query_cable_type() and be_cmd_query_sfp_info() functions in drivers/net/ethernet/emulex/benet/be_cmds.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU104455

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49608

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rt2880_pinmux_pins() function in drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Memory leak

EUVDB-ID: #VU104339

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49682

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the calibrate_ccount() function in arch/xtensa/kernel/time.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU104715

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49725

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_diag_test() function in drivers/net/ethernet/intel/i40e/i40e_ethtool.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Memory leak

EUVDB-ID: #VU104353

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49729

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nfcmrvl_play_deferred() function in drivers/nfc/nfcmrvl/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU105007

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58009

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU104952

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21791

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within include/net/l3mdev.h. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2503.4.0.0320

python3-perf: before 4.19.90-2503.4.0.0320

python2-perf-debuginfo: before 4.19.90-2503.4.0.0320

python2-perf: before 4.19.90-2503.4.0.0320

perf-debuginfo: before 4.19.90-2503.4.0.0320

perf: before 4.19.90-2503.4.0.0320

kernel-tools-devel: before 4.19.90-2503.4.0.0320

kernel-tools-debuginfo: before 4.19.90-2503.4.0.0320

kernel-tools: before 4.19.90-2503.4.0.0320

kernel-source: before 4.19.90-2503.4.0.0320

kernel-devel: before 4.19.90-2503.4.0.0320

kernel-debugsource: before 4.19.90-2503.4.0.0320

kernel-debuginfo: before 4.19.90-2503.4.0.0320

bpftool-debuginfo: before 4.19.90-2503.4.0.0320

bpftool: before 4.19.90-2503.4.0.0320

kernel: before 4.19.90-2503.4.0.0320

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1317


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


