Main Vulnerability Database SB2025041867

SB2025041867 - openEuler 20.03 LTS SP4 update for kernel

Published: April 18, 2025

Security Bulletin ID SB2025041867

Severity

Low

Patch available

YES

Number of vulnerabilities 12

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2021-47407)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kvm_arch_free_vm() and kvm_arch_init_vm() functions in arch/x86/kvm/x86.c, within the kvm_page_track_cleanup() function in arch/x86/kvm/mmu/page_track.c. A local user can perform a denial of service (DoS) attack.

2) Integer underflow (CVE-ID: CVE-2022-49280)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nfsd_proc_write() function in fs/nfsd/nfsproc.c. A local user can execute arbitrary code.

3) NULL pointer dereference (CVE-ID: CVE-2022-49307)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hdlcdev_init() function in drivers/tty/synclink_gt.c. A local user can perform a denial of service (DoS) attack.

4) Memory leak (CVE-ID: CVE-2022-49399)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the goldfish_tty_probe() and goldfish_tty_remove() functions in drivers/tty/goldfish.c. A local user can perform a denial of service (DoS) attack.

5) Memory leak (CVE-ID: CVE-2022-49525)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cx25821_finidev() function in drivers/media/pci/cx25821/cx25821-core.c. A local user can perform a denial of service (DoS) attack.

6) Out-of-bounds read (CVE-ID: CVE-2022-49674)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the validate_region_size(), validate_raid_redundancy(), __rdev_sectors() and raid_iterate_devices() functions in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

7) Use-after-free (CVE-ID: CVE-2022-49740)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.

8) Use-after-free (CVE-ID: CVE-2023-52973)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vcs_read() function in drivers/tty/vt/vc_screen.c. A local user can escalate privileges on the system.

9) Improper locking (CVE-ID: CVE-2024-40998)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

10) Resource management error (CVE-ID: CVE-2024-58002)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the uvc_v4l2_release() function in drivers/media/usb/uvc/uvc_v4l2.c, within the uvc_ctrl_send_slave_event(), uvc_ctrl_status_event(), uvc_ctrl_commit_entity() and uvc_ctrl_init_device() functions in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.

11) Use-after-free (CVE-ID: CVE-2025-21796)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_acl_release() function in fs/nfsd/nfs3acl.c, within the posix_acl_release() function in fs/nfsd/nfs2acl.c. A local user can escalate privileges on the system.

12) Use-after-free (CVE-ID: CVE-2025-21858)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the geneve_destroy_tunnels() function in drivers/net/geneve.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1432

Vulnerable Software

openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2504.3.0.0324
python3-perf: before 4.19.90-2504.3.0.0324
python2-perf-debuginfo: before 4.19.90-2504.3.0.0324
python2-perf: before 4.19.90-2504.3.0.0324
perf-debuginfo: before 4.19.90-2504.3.0.0324
perf: before 4.19.90-2504.3.0.0324
kernel-tools-devel: before 4.19.90-2504.3.0.0324
kernel-tools-debuginfo: before 4.19.90-2504.3.0.0324
kernel-tools: before 4.19.90-2504.3.0.0324
kernel-source: before 4.19.90-2504.3.0.0324
kernel-devel: before 4.19.90-2504.3.0.0324
kernel-debugsource: before 4.19.90-2504.3.0.0324
kernel-debuginfo: before 4.19.90-2504.3.0.0324
bpftool-debuginfo: before 4.19.90-2504.3.0.0324
bpftool: before 4.19.90-2504.3.0.0324
kernel: before 4.19.90-2504.3.0.0324

SB2025041867 - openEuler 20.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human