SB2025051668 - openEuler 24.03 LTS update for kernel

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2025-21916)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2025-21950)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pmcmd_ioctl() function in drivers/virt/acrn/hsm.c. A local user can perform a denial of service (DoS) attack.

3) Improper locking (CVE-ID: CVE-2025-23144)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the led_bl_remove() function in drivers/video/backlight/led_bl.c. A local user can perform a denial of service (DoS) attack.

4) Use-after-free (CVE-ID: CVE-2025-37742)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the diMount() function in fs/jfs/jfs_imap.c. A local user can escalate privileges on the system.

5) NULL pointer dereference (CVE-ID: CVE-2025-37755)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the wx_alloc_mapped_page() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.

6) Memory leak (CVE-ID: CVE-2025-37799)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.

7) NULL pointer dereference (CVE-ID: CVE-2025-37811)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cpu_latency_qos_remove_request() and ci_hdrc_imx_remove() functions in drivers/usb/chipidea/ci_hdrc_imx.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2025-37860)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ef100_process_design_param() and ef100_check_design_params() functions in drivers/net/ethernet/sfc/ef100_nic.c, within the ef100_probe_netdev() function in drivers/net/ethernet/sfc/ef100_netdev.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1511