SB2025042542 - openEuler 22.03 LTS SP3 update for kernel

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2023-52935)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the retract_page_tables() function in mm/khugepaged.c. A local user can escalate privileges on the system.

2) Buffer overflow (CVE-ID: CVE-2023-53010)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bnxt_ethtool_init() function in drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c. A local user can escalate privileges on the system.

3) Buffer overflow (CVE-ID: CVE-2025-21780)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the smu_sys_set_pp_table() function in drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c. A local user can escalate privileges on the system.

4) Resource management error (CVE-ID: CVE-2025-21781)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the batadv_v_elp_start_timer() and batadv_v_elp_get_throughput() functions in net/batman-adv/bat_v_elp.c. A local user can perform a denial of service (DoS) attack.

5) Resource management error (CVE-ID: CVE-2025-21877)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the genelink_bind() function in drivers/net/usb/gl620a.c. A local user can perform a denial of service (DoS) attack.

6) Division by zero (CVE-ID: CVE-2025-21898)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the function_stat_show() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

7) Use-after-free (CVE-ID: CVE-2025-21935)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rio_scan_alloc_net() function in drivers/rapidio/rio-scan.c. A local user can escalate privileges on the system.

8) Out-of-bounds read (CVE-ID: CVE-2025-21993)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ibft_attr_show_nic() function in drivers/firmware/iscsi_ibft.c. A local user can perform a denial of service (DoS) attack.

9) Use-after-free (CVE-ID: CVE-2025-22035)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wakeup_trace_open() function in kernel/trace/trace_sched_wakeup.c, within the irqsoff_trace_open() function in kernel/trace/trace_irqsoff.c, within the graph_trace_close() function in kernel/trace/trace_functions_graph.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1448