Main Vulnerability Database SB2025051666

SB2025051666 - openEuler 20.03 LTS SP4 update for kernel

Published: May 16, 2025

Security Bulletin ID SB2025051666

Severity

Low

Patch available

YES

Number of vulnerabilities 11

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-49111)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hci_disconn_phylink_complete_evt() function in net/bluetooth/hci_event.c. A local user can escalate privileges on the system.

2) Use-after-free (CVE-ID: CVE-2022-49505)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfc_unregister_device() function in net/nfc/core.c. A local user can escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2022-49755)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ffs_ep0_queue_wait() and functionfs_unbind() functions in drivers/usb/gadget/function/f_fs.c. A local user can escalate privileges on the system.

4) Buffer overflow (CVE-ID: CVE-2022-49771)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the list_version_get_needed() and list_versions() functions in drivers/md/dm-ioctl.c. A local user can escalate privileges on the system.

5) NULL pointer dereference (CVE-ID: CVE-2022-49826)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ata_tport_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.

6) Use-after-free (CVE-ID: CVE-2022-49842)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in sound/soc/soc-core.c. A local user can escalate privileges on the system.

7) Improper locking (CVE-ID: CVE-2022-49850)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_gfn_to_pfn_cache_unmap(), kvm_gfn_to_pfn_cache_init() and kvm_gfn_to_pfn_cache_destroy() functions in virt/kvm/pfncache.c, within the kvm_xen_shared_info_init(), kvm_xen_vcpu_set_attr(), kvm_xen_init_vcpu(), kvm_xen_destroy_vcpu() and kvm_xen_destroy_vm() functions in arch/x86/kvm/xen.c, within the kvm_write_system_time(), kvm_pv_enable_async_pf_int() and kvm_arch_vcpu_create() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

8) Memory leak (CVE-ID: CVE-2022-49915)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mISDN_register_device() function in drivers/isdn/mISDN/core.c. A local user can perform a denial of service (DoS) attack.

9) Use-after-free (CVE-ID: CVE-2023-53090)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_event_waiters() function in drivers/gpu/drm/amd/amdkfd/kfd_events.c. A local user can escalate privileges on the system.

10) Use-after-free (CVE-ID: CVE-2023-53116)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __nvmet_req_complete() function in drivers/nvme/target/core.c. A local user can escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2025-21999)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513

Vulnerable Software

openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327

SB2025051666 - openEuler 20.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human