openEuler 20.03 LTS SP4 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2022-49111 CVE-2022-49505 CVE-2022-49755 CVE-2022-49771 CVE-2022-49826 CVE-2022-49842 CVE-2022-49850 CVE-2022-49915 CVE-2023-53090 CVE-2023-53116 CVE-2025-21999 |
| CWE-ID | CWE-416 CWE-119 CWE-476 CWE-667 CWE-401 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
openEuler Operating systems & Components / Operating system python3-perf-debuginfo Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component python2-perf-debuginfo Operating systems & Components / Operating system package or component python2-perf Operating systems & Components / Operating system package or component perf-debuginfo Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-devel Operating systems & Components / Operating system package or component kernel-tools-debuginfo Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debugsource Operating systems & Components / Operating system package or component kernel-debuginfo Operating systems & Components / Operating system package or component bpftool-debuginfo Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU104471
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49111
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_disconn_phylink_complete_evt() function in net/bluetooth/hci_event.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU104458
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49505
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_unregister_device() function in net/nfc/core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU106177
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49755
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ffs_ep0_queue_wait() and functionfs_unbind() functions in drivers/usb/gadget/function/f_fs.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU108342
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49771
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the list_version_get_needed() and list_versions() functions in drivers/md/dm-ioctl.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU108285
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49826
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_tport_add() function in drivers/ata/libata-transport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU108225
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49842
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in sound/soc/soc-core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU108303
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49850
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_gfn_to_pfn_cache_unmap(), kvm_gfn_to_pfn_cache_init() and kvm_gfn_to_pfn_cache_destroy() functions in virt/kvm/pfncache.c, within the kvm_xen_shared_info_init(), kvm_xen_vcpu_set_attr(), kvm_xen_init_vcpu(), kvm_xen_destroy_vcpu() and kvm_xen_destroy_vm() functions in arch/x86/kvm/xen.c, within the kvm_write_system_time(), kvm_pv_enable_async_pf_int() and kvm_arch_vcpu_create() functions in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU108158
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-49915
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mISDN_register_device() function in drivers/isdn/mISDN/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU108431
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-53090
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_event_waiters() function in drivers/gpu/drm/amd/amdkfd/kfd_events.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU108427
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-53116
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __nvmet_req_complete() function in drivers/nvme/target/core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU106955
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21999
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_get_inode() function in fs/proc/inode.c, within the proc_create_reg(), proc_create_seq_private() and proc_create_single_data() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2505.3.0.0327
python3-perf: before 4.19.90-2505.3.0.0327
python2-perf-debuginfo: before 4.19.90-2505.3.0.0327
python2-perf: before 4.19.90-2505.3.0.0327
perf-debuginfo: before 4.19.90-2505.3.0.0327
perf: before 4.19.90-2505.3.0.0327
kernel-tools-devel: before 4.19.90-2505.3.0.0327
kernel-tools-debuginfo: before 4.19.90-2505.3.0.0327
kernel-tools: before 4.19.90-2505.3.0.0327
kernel-source: before 4.19.90-2505.3.0.0327
kernel-devel: before 4.19.90-2505.3.0.0327
kernel-debugsource: before 4.19.90-2505.3.0.0327
kernel-debuginfo: before 4.19.90-2505.3.0.0327
bpftool-debuginfo: before 4.19.90-2505.3.0.0327
bpftool: before 4.19.90-2505.3.0.0327
kernel: before 4.19.90-2505.3.0.0327
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP4:*:*:*:*:*:*
- cpe:2.3:a:openeuler:python3-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python3-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:python2-perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:perf:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-tools:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-source:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:bpftool:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:kernel:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1513
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
