Main Vulnerability Database SB2025032913

SB2025032913 - openEuler 24.03 LTS SP1 update for kernel

Published: March 29, 2025

Security Bulletin ID SB2025032913

Severity

Low

Patch available

YES

Number of vulnerabilities 47

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 47 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2024-56642)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cleanup_bearer() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.

2) Out-of-bounds read (CVE-ID: CVE-2024-56648)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fill_frame_info() function in net/hsr/hsr_forward.c. A local user can perform a denial of service (DoS) attack.

3) NULL pointer dereference (CVE-ID: CVE-2024-56670)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gs_start_io() function in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.

4) Integer overflow (CVE-ID: CVE-2024-57973)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the copy_gl_to_skb_pkt() function in drivers/infiniband/hw/cxgb4/device.c. A local user can execute arbitrary code.

5) NULL pointer dereference (CVE-ID: CVE-2024-57978)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mxc_jpeg_detach_pm_domains() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2024-57986)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hid_apply_multiplier() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

7) Resource management error (CVE-ID: CVE-2024-57993)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the thrustmaster_interrupts() function in drivers/hid/hid-thrustmaster.c. A local user can perform a denial of service (DoS) attack.

8) Use of uninitialized resource (CVE-ID: CVE-2024-57997)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the wcn36xx_probe() function in drivers/net/wireless/ath/wcn36xx/main.c. A local user can perform a denial of service (DoS) attack.

9) Reachable assertion (CVE-ID: CVE-2024-57998)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the _find_opp_table(), _opp_table_find_key(), _find_key(), _find_key_exact(), _opp_table_find_key_ceil(), _find_key_ceil(), dev_pm_opp_find_freq_exact_indexed(), dev_pm_opp_find_freq_ceil_indexed(), dev_pm_opp_find_freq_floor_indexed(), dev_pm_opp_remove(), _opp_add_v1(), _opp_set_availability() and dev_pm_opp_adjust_voltage() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.

10) Input validation error (CVE-ID: CVE-2024-58006)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dw_pcie_ep_set_bar() function in drivers/pci/controller/dwc/pcie-designware-ep.c. A local user can perform a denial of service (DoS) attack.

11) Use-after-free (CVE-ID: CVE-2024-58034)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tegra_emc_find_node_by_ram_code() function in drivers/memory/tegra/tegra20-emc.c. A local user can escalate privileges on the system.

12) NULL pointer dereference (CVE-ID: CVE-2024-58051)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ipmb_probe() function in drivers/char/ipmi/ipmb_dev_int.c. A local user can perform a denial of service (DoS) attack.

13) NULL pointer dereference (CVE-ID: CVE-2024-58052)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the atomctrl_get_smc_sclk_range_table() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

14) Input validation error (CVE-ID: CVE-2024-58053)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rxrpc_abort_conn() and rxrpc_abort_calls() functions in net/rxrpc/conn_event.c. A local user can perform a denial of service (DoS) attack.

15) Resource management error (CVE-ID: CVE-2024-58054)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the max96712_probe() function in drivers/staging/media/max96712/max96712.c. A local user can perform a denial of service (DoS) attack.

16) Resource management error (CVE-ID: CVE-2024-58056)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the rproc_alloc() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.

17) Use-after-free (CVE-ID: CVE-2024-58058)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ubifs_dump_tnc() function in fs/ubifs/debug.c. A local user can escalate privileges on the system.

18) Input validation error (CVE-ID: CVE-2024-58061)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee80211_if_parse_active_links() function in net/mac80211/debugfs_netdev.c. A local user can perform a denial of service (DoS) attack.

19) Memory leak (CVE-ID: CVE-2024-58063)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the rtl_pci_probe() function in drivers/net/wireless/realtek/rtlwifi/pci.c. A local user can perform a denial of service (DoS) attack.

20) NULL pointer dereference (CVE-ID: CVE-2024-58068)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the assert_clk_index(), dev_pm_opp_find_bw_ceil() and dev_pm_opp_find_bw_floor() functions in drivers/opp/core.c. A local user can perform a denial of service (DoS) attack.

21) Improper locking (CVE-ID: CVE-2024-58071)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the team_port_add() function in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.

22) Use-after-free (CVE-ID: CVE-2024-58072)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtl_pci_get_amd_l1_patch(), _rtl_pci_find_adapter(), rtl_pci_probe(), rtl_pci_disconnect() and EXPORT_SYMBOL() functions in drivers/net/wireless/realtek/rtlwifi/pci.c, within the MODULE_AUTHOR() and rtl_core_module_init() functions in drivers/net/wireless/realtek/rtlwifi/base.c. A local user can escalate privileges on the system.

23) Incorrect calculation (CVE-ID: CVE-2025-21687)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the vfio_platform_read_mmio() and vfio_platform_write_mmio() functions in drivers/vfio/platform/vfio_platform_common.c. A local user can perform a denial of service (DoS) attack.

24) Improper locking (CVE-ID: CVE-2025-21705)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mptcp_sendmsg_fastopen() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

25) Use of uninitialized resource (CVE-ID: CVE-2025-21707)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mptcp_parse_option() and mptcp_get_options() functions in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.

26) Resource management error (CVE-ID: CVE-2025-21708)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the MSR_SPEED() and rtl8150_probe() functions in drivers/net/usb/rtl8150.c. A local user can perform a denial of service (DoS) attack.

27) Use-after-free (CVE-ID: CVE-2025-21710)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_select_window() function in net/ipv4/tcp_output.c. A local user can escalate privileges on the system.

28) Integer overflow (CVE-ID: CVE-2025-21711)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the rose_setsockopt() function in net/rose/af_rose.c. A local user can execute arbitrary code.

29) Use-after-free (CVE-ID: CVE-2025-21715)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dm9000_drv_remove() function in drivers/net/ethernet/davicom/dm9000.c. A local user can escalate privileges on the system.

30) Use of uninitialized resource (CVE-ID: CVE-2025-21716)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the vxlan_vnifilter_dump() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.

31) NULL pointer dereference (CVE-ID: CVE-2025-21720)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/net/xfrm.h. A local user can perform a denial of service (DoS) attack.

32) Out-of-bounds read (CVE-ID: CVE-2025-21724)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iova_bitmap_offset_to_index() function in drivers/vfio/iova_bitmap.c. A local user can perform a denial of service (DoS) attack.

33) Input validation error (CVE-ID: CVE-2025-21725)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.

34) Use-after-free (CVE-ID: CVE-2025-21726)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the padata_reorder() and invoke_padata_reorder() functions in kernel/padata.c. A local user can escalate privileges on the system.

35) Use-after-free (CVE-ID: CVE-2025-21727)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the padata_free_shell() function in kernel/padata.c. A local user can escalate privileges on the system.

36) Resource management error (CVE-ID: CVE-2025-21728)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bpf_send_signal_common() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

37) Memory leak (CVE-ID: CVE-2025-21745)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the blkcg_fill_root_iostats() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.

38) Improper error handling (CVE-ID: CVE-2025-21799)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the am65_cpsw_nuss_remove_tx_chns() function in drivers/net/ethernet/ti/am65-cpsw-nuss.c. A local user can perform a denial of service (DoS) attack.

39) Resource management error (CVE-ID: CVE-2025-21803)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the enable_gpe_wakeup() function in arch/loongarch/power/platform.c. A local user can perform a denial of service (DoS) attack.

40) Buffer overflow (CVE-ID: CVE-2025-21804)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rcar_pcie_parse_outbound_ranges() function in drivers/pci/controller/pcie-rcar-ep.c. A local user can perform a denial of service (DoS) attack.

41) Improper error handling (CVE-ID: CVE-2025-21806)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the proc_do_dev_weight() and sizeof() functions in net/core/sysctl_net_core.c. A local user can perform a denial of service (DoS) attack.

42) Input validation error (CVE-ID: CVE-2025-21808)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dev_xdp_attach() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

43) NULL pointer dereference (CVE-ID: CVE-2025-21810)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the class_dev_iter_init() and class_dev_iter_next() functions in drivers/base/class.c. A local user can perform a denial of service (DoS) attack.

44) Improper locking (CVE-ID: CVE-2025-21811)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_lookup_dirty_data_buffers() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

45) Use-after-free (CVE-ID: CVE-2025-21812)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ax25_rt_autobind() function in net/ax25/ax25_route.c, within the ax25_send_frame() and ax25_queue_xmit() functions in net/ax25/ax25_out.c, within the ax25_ip_xmit() function in net/ax25/ax25_ip.c, within the ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c, within the ax25_fillin_cb_from_dev() and ax25_setsockopt() functions in net/ax25/af_ax25.c. A local user can escalate privileges on the system.

46) Input validation error (CVE-ID: CVE-2025-21828)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the net/mac80211/driver-ops.h. A local user can perform a denial of service (DoS) attack.

47) Use-after-free (CVE-ID: CVE-2025-21853)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bpf_map_mmap() function in kernel/bpf/syscall.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1340

Vulnerable Software

openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-84.0.0.89
python3-perf: before 6.6.0-84.0.0.89
perf-debuginfo: before 6.6.0-84.0.0.89
perf: before 6.6.0-84.0.0.89
kernel-tools-devel: before 6.6.0-84.0.0.89
kernel-tools-debuginfo: before 6.6.0-84.0.0.89
kernel-tools: before 6.6.0-84.0.0.89
kernel-source: before 6.6.0-84.0.0.89
kernel-headers: before 6.6.0-84.0.0.89
kernel-devel: before 6.6.0-84.0.0.89
kernel-debugsource: before 6.6.0-84.0.0.89
kernel-debuginfo: before 6.6.0-84.0.0.89
bpftool-debuginfo: before 6.6.0-84.0.0.89
bpftool: before 6.6.0-84.0.0.89
kernel: before 6.6.0-84.0.0.89

SB2025032913 - openEuler 24.03 LTS SP1 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human