SB2025053052 - openEuler 22.03 LTS SP4 update for kernel

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Double free (CVE-ID: CVE-2022-3238)

The vulnerability allows a local user to execute arbitrary code.

A double-free flaw was found in the Linux kernel's NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.

2) Memory leak (CVE-ID: CVE-2023-53061)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the smb2_open() function in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

3) Improper error handling (CVE-ID: CVE-2023-53073)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the amd_pmu_v2_handle_irq() function in arch/x86/events/amd/core.c. A local user can perform a denial of service (DoS) attack.

4) Improper locking (CVE-ID: CVE-2024-57876)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drm_dp_mst_topology_mgr_set_mst(), EXPORT_SYMBOL(), update_msg_rx_state() and drm_dp_mst_hpd_irq_handle_event() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.

5) Infinite loop (CVE-ID: CVE-2024-58097)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the ath11k_dp_rx_mon_mpdu_pop() and ath11k_dp_rx_full_mon_mpdu_pop() functions in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

6) Input validation error (CVE-ID: CVE-2025-37773)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c. A local user can perform a denial of service (DoS) attack.

7) Out-of-bounds read (CVE-ID: CVE-2025-37782)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hfs_bnode_read_key() function in fs/hfsplus/bnode.c, within the hfs_bnode_read_key() function in fs/hfs/bnode.c. A local user can perform a denial of service (DoS) attack.

8) Improper locking (CVE-ID: CVE-2025-37925)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the duplicateIXtree() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2025-37940)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ftrace_graph_set_hash() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

10) Memory leak (CVE-ID: CVE-2025-37980)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the blk_debugfs_remove() function in block/blk-sysfs.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1571