SB20250620143 - openEuler 22.03 LTS SP3 update for kernel

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2022-21546)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scsi subsystem within the OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Double free (CVE-ID: CVE-2023-53039)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the void recv_ipc() and ish_dev_init() functions in drivers/hid/intel-ish-hid/ipc/ipc.c. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2024-58083)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the include/linux/kvm_host.h. A local user can escalate privileges on the system.

4) Buffer overflow (CVE-ID: CVE-2025-21704)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the acm_process_notification() and acm_ctrl_irq() functions in drivers/usb/class/cdc-acm.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1648