openEuler 22.03 LTS SP4 update for kernel

Published: 2025-05-09

Risk	Low
Patch available	YES
Number of vulnerabilities	6
CVE-ID	CVE-2024-58094 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764
CWE-ID	CWE-20 CWE-416
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU107807

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58094

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the jfs_truncate_nolock() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-262.0.0.165

python3-perf: before 5.10.0-262.0.0.165

perf-debuginfo: before 5.10.0-262.0.0.165

perf: before 5.10.0-262.0.0.165

kernel-tools-devel: before 5.10.0-262.0.0.165

kernel-tools-debuginfo: before 5.10.0-262.0.0.165

kernel-tools: before 5.10.0-262.0.0.165

kernel-source: before 5.10.0-262.0.0.165

kernel-headers: before 5.10.0-262.0.0.165

kernel-devel: before 5.10.0-262.0.0.165

kernel-debugsource: before 5.10.0-262.0.0.165

kernel-debuginfo: before 5.10.0-262.0.0.165

bpftool-debuginfo: before 5.10.0-262.0.0.165

bpftool: before 5.10.0-262.0.0.165

kernel: before 5.10.0-262.0.0.165

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1462

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU104947

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21760

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_nd_hdr() and ndisc_send_skb() functions in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-262.0.0.165

python3-perf: before 5.10.0-262.0.0.165

perf-debuginfo: before 5.10.0-262.0.0.165

perf: before 5.10.0-262.0.0.165

kernel-tools-devel: before 5.10.0-262.0.0.165

kernel-tools-debuginfo: before 5.10.0-262.0.0.165

kernel-tools: before 5.10.0-262.0.0.165

kernel-source: before 5.10.0-262.0.0.165

kernel-headers: before 5.10.0-262.0.0.165

kernel-devel: before 5.10.0-262.0.0.165

kernel-debugsource: before 5.10.0-262.0.0.165

kernel-debuginfo: before 5.10.0-262.0.0.165

bpftool-debuginfo: before 5.10.0-262.0.0.165

bpftool: before 5.10.0-262.0.0.165

kernel: before 5.10.0-262.0.0.165

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1462

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU104948

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21761

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovs_vport_cmd_fill_info() function in net/openvswitch/datapath.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-262.0.0.165

python3-perf: before 5.10.0-262.0.0.165

perf-debuginfo: before 5.10.0-262.0.0.165

perf: before 5.10.0-262.0.0.165

kernel-tools-devel: before 5.10.0-262.0.0.165

kernel-tools-debuginfo: before 5.10.0-262.0.0.165

kernel-tools: before 5.10.0-262.0.0.165

kernel-source: before 5.10.0-262.0.0.165

kernel-headers: before 5.10.0-262.0.0.165

kernel-devel: before 5.10.0-262.0.0.165

kernel-debugsource: before 5.10.0-262.0.0.165

kernel-debuginfo: before 5.10.0-262.0.0.165

bpftool-debuginfo: before 5.10.0-262.0.0.165

bpftool: before 5.10.0-262.0.0.165

kernel: before 5.10.0-262.0.0.165

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1462

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU104949

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21762

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the arp_xmit_finish() function in net/ipv4/arp.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-262.0.0.165

python3-perf: before 5.10.0-262.0.0.165

perf-debuginfo: before 5.10.0-262.0.0.165

perf: before 5.10.0-262.0.0.165

kernel-tools-devel: before 5.10.0-262.0.0.165

kernel-tools-debuginfo: before 5.10.0-262.0.0.165

kernel-tools: before 5.10.0-262.0.0.165

kernel-source: before 5.10.0-262.0.0.165

kernel-headers: before 5.10.0-262.0.0.165

kernel-devel: before 5.10.0-262.0.0.165

kernel-debugsource: before 5.10.0-262.0.0.165

kernel-debuginfo: before 5.10.0-262.0.0.165

bpftool-debuginfo: before 5.10.0-262.0.0.165

bpftool: before 5.10.0-262.0.0.165

kernel: before 5.10.0-262.0.0.165

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1462

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU104943

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21763

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __neigh_notify() function in net/core/neighbour.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-262.0.0.165

python3-perf: before 5.10.0-262.0.0.165

perf-debuginfo: before 5.10.0-262.0.0.165

perf: before 5.10.0-262.0.0.165

kernel-tools-devel: before 5.10.0-262.0.0.165

kernel-tools-debuginfo: before 5.10.0-262.0.0.165

kernel-tools: before 5.10.0-262.0.0.165

kernel-source: before 5.10.0-262.0.0.165

kernel-headers: before 5.10.0-262.0.0.165

kernel-devel: before 5.10.0-262.0.0.165

kernel-debugsource: before 5.10.0-262.0.0.165

kernel-debuginfo: before 5.10.0-262.0.0.165

bpftool-debuginfo: before 5.10.0-262.0.0.165

bpftool: before 5.10.0-262.0.0.165

kernel: before 5.10.0-262.0.0.165

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1462

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU104950

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21764

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

python3-perf-debuginfo: before 5.10.0-262.0.0.165

python3-perf: before 5.10.0-262.0.0.165

perf-debuginfo: before 5.10.0-262.0.0.165

perf: before 5.10.0-262.0.0.165

kernel-tools-devel: before 5.10.0-262.0.0.165

kernel-tools-debuginfo: before 5.10.0-262.0.0.165

kernel-tools: before 5.10.0-262.0.0.165

kernel-source: before 5.10.0-262.0.0.165

kernel-headers: before 5.10.0-262.0.0.165

kernel-devel: before 5.10.0-262.0.0.165

kernel-debugsource: before 5.10.0-262.0.0.165

kernel-debuginfo: before 5.10.0-262.0.0.165

bpftool-debuginfo: before 5.10.0-262.0.0.165

bpftool: before 5.10.0-262.0.0.165

kernel: before 5.10.0-262.0.0.165

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1462

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.