Main Vulnerability Database SB2025050998

SB2025050998 - openEuler 20.03 LTS SP4 update for kernel

Published: May 9, 2025

Security Bulletin ID SB2025050998

Severity

Low

Patch available

YES

Number of vulnerabilities 31

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 31 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2020-36789)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the can_get_echo_skb() function in drivers/net/can/dev.c. A local user can perform a denial of service (DoS) attack.

2) Input validation error (CVE-ID: CVE-2021-47641)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cirrusfb_check_mclk() and cirrusfb_check_pixclock() functions in drivers/video/fbdev/cirrusfb.c. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2021-47668)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the can_restart() function in drivers/net/can/dev.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2021-47670)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pcan_usb_fd_decode_canmsg() and pcan_usb_fd_decode_status() functions in drivers/net/can/usb/peak_usb/pcan_usb_fd.c. A local user can escalate privileges on the system.

5) Improper error handling (CVE-ID: CVE-2022-49084)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the qede_build_skb() function in drivers/net/ethernet/qlogic/qede/qede_fp.c. A local user can perform a denial of service (DoS) attack.

6) Memory leak (CVE-ID: CVE-2022-49086)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nla_alloc_flow_actions() and ovs_nla_free_set_action() functions in net/openvswitch/flow_netlink.c. A local user can perform a denial of service (DoS) attack.

7) Improper locking (CVE-ID: CVE-2022-49217)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pm80xx_send_abort_all() function in drivers/scsi/pm8001/pm80xx_hwi.c, within the pm8001_send_abort_all() and pm8001_send_read_log() functions in drivers/scsi/pm8001/pm8001_hwi.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2022-49232)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_connector_add_common_modes() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

9) Use of uninitialized resource (CVE-ID: CVE-2022-49298)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the r871xu_drv_init() function in drivers/staging/rtl8712/usb_intf.c. A local user can perform a denial of service (DoS) attack.

10) Use-after-free (CVE-ID: CVE-2022-49385)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bus_add_driver() function in drivers/base/bus.c. A local user can escalate privileges on the system.

11) NULL pointer dereference (CVE-ID: CVE-2022-49429)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hfi1_write_iter() function in drivers/infiniband/hw/hfi1/file_ops.c. A local user can perform a denial of service (DoS) attack.

12) Use-after-free (CVE-ID: CVE-2022-49626)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the efx_ef10_pci_sriov_disable() function in drivers/net/ethernet/sfc/ef10_sriov.c. A local user can escalate privileges on the system.

13) Use-after-free (CVE-ID: CVE-2022-49647)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the LIST_HEAD_INIT(), find_css_set(), cgroup_migrate_vet_dst(), cgroup_migrate_add_src(), cgroup_migrate_prepare_dst() and cgroup_update_dfl_csses() functions in kernel/cgroup/cgroup.c. A local user can escalate privileges on the system.

14) Use-after-free (CVE-ID: CVE-2023-52935)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the retract_page_tables() function in mm/khugepaged.c. A local user can escalate privileges on the system.

15) Out-of-bounds read (CVE-ID: CVE-2023-53019)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

16) Use-after-free (CVE-ID: CVE-2023-53023)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the local_cleanup() function in net/nfc/llcp_core.c. A local user can escalate privileges on the system.

17) Buffer overflow (CVE-ID: CVE-2023-53032)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bitmap_ip_create() function in net/netfilter/ipset/ip_set_bitmap_ip.c. A local user can escalate privileges on the system.

18) Input validation error (CVE-ID: CVE-2024-58094)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the jfs_truncate_nolock() function in fs/jfs/inode.c. A local user can perform a denial of service (DoS) attack.

19) Use-after-free (CVE-ID: CVE-2025-21759)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mld_send_cr() and igmp6_send() functions in net/ipv6/mcast.c. A local user can escalate privileges on the system.

20) Use-after-free (CVE-ID: CVE-2025-21760)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_nd_hdr() and ndisc_send_skb() functions in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

21) Use-after-free (CVE-ID: CVE-2025-21761)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovs_vport_cmd_fill_info() function in net/openvswitch/datapath.c. A local user can escalate privileges on the system.

22) Use-after-free (CVE-ID: CVE-2025-21762)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the arp_xmit_finish() function in net/ipv4/arp.c. A local user can escalate privileges on the system.

23) Use-after-free (CVE-ID: CVE-2025-21763)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __neigh_notify() function in net/core/neighbour.c. A local user can escalate privileges on the system.

24) Use-after-free (CVE-ID: CVE-2025-21764)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

25) Out-of-bounds read (CVE-ID: CVE-2025-21993)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ibft_attr_show_nic() function in drivers/firmware/iscsi_ibft.c. A local user can perform a denial of service (DoS) attack.

26) Use-after-free (CVE-ID: CVE-2025-22004)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lec_send() function in net/atm/lec.c. A local user can escalate privileges on the system.

27) Use-after-free (CVE-ID: CVE-2025-22035)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wakeup_trace_open() function in kernel/trace/trace_sched_wakeup.c, within the irqsoff_trace_open() function in kernel/trace/trace_irqsoff.c, within the graph_trace_close() function in kernel/trace/trace_functions_graph.c. A local user can escalate privileges on the system.

28) Out-of-bounds read (CVE-ID: CVE-2025-22055)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nft_tunnel_obj_erspan_init() function in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.

29) Memory leak (CVE-ID: CVE-2025-22058)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the udp_skb_has_head_state(), udp_rmem_release(), EXPORT_SYMBOL_GPL() and first_packet_length() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

30) Improper locking (CVE-ID: CVE-2025-22125)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the raid10_read_request() and raid10_write_one_disk() functions in drivers/md/raid10.c, within the raid1_read_request() and raid1_write_request() functions in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.

31) Use-after-free (CVE-ID: CVE-2025-37785)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ext4_check_dir_entry() function in fs/ext4/dir.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1465

Vulnerable Software

openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.1.0.0326
python3-perf: before 4.19.90-2505.1.0.0326
python2-perf-debuginfo: before 4.19.90-2505.1.0.0326
python2-perf: before 4.19.90-2505.1.0.0326
perf-debuginfo: before 4.19.90-2505.1.0.0326
perf: before 4.19.90-2505.1.0.0326
kernel-tools-devel: before 4.19.90-2505.1.0.0326
kernel-tools-debuginfo: before 4.19.90-2505.1.0.0326
kernel-tools: before 4.19.90-2505.1.0.0326
kernel-source: before 4.19.90-2505.1.0.0326
kernel-devel: before 4.19.90-2505.1.0.0326
kernel-debugsource: before 4.19.90-2505.1.0.0326
kernel-debuginfo: before 4.19.90-2505.1.0.0326
bpftool-debuginfo: before 4.19.90-2505.1.0.0326
bpftool: before 4.19.90-2505.1.0.0326
kernel: before 4.19.90-2505.1.0.0326

SB2025050998 - openEuler 20.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human