openEuler 24.03 LTS SP1 update for kernel



Risk Low
Patch available YES
Number of vulnerabilities 24
CVE-ID CVE-2024-47732
CVE-2024-58085
CVE-2025-21854
CVE-2025-21861
CVE-2025-21944
CVE-2025-21996
CVE-2025-23149
CVE-2025-37849
CVE-2025-37930
CVE-2025-37937
CVE-2025-37948
CVE-2025-37963
CVE-2025-38007
CVE-2025-38031
CVE-2025-38034
CVE-2025-38060
CVE-2025-38065
CVE-2025-38074
CVE-2025-38078
CVE-2025-38080
CVE-2025-38152
CVE-2025-39735
CVE-2025-40014
CVE-2025-40364
CWE-ID CWE-416
CWE-119
CWE-476
CWE-399
CWE-667
CWE-908
CWE-388
CWE-401
CWE-369
CWE-20
CWE-835
CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU98887

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47732

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remove_device_compression_modes() function in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU105422

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58085

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the tomoyo_write_control() function in security/tomoyo/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU105665

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21854

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sock_map_sk_state_allowed() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU105674

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21861

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the migrate_device_finalize() function in mm/migrate_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU106762

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21944

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfs_lock_file() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of uninitialized resource

EUVDB-ID: #VU106963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21996

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the radeon_vce_cs_parse() function in drivers/gpu/drm/radeon/radeon_vce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper error handling

EUVDB-ID: #VU108336

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23149

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the tpm_get_random() function in drivers/char/tpm/tpm-interface.c, within the tpm_try_get_ops() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU108853

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37849

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kvm_arch_vcpu_create() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource management error

EUVDB-ID: #VU109571

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37930

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Division by zero

EUVDB-ID: #VU109556

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37937

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dib8000_set_dds() function in drivers/media/dvb-frontends/dib8000.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU109581

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU109582

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_bhb_mitigation() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU111563

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38007

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the uclogic_input_configured() function in drivers/hid/hid-uclogic-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU111418

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38031

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the padata_reorder() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU111557

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38034

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Infinite loop

EUVDB-ID: #VU111643

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38060

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the copy_verifier_state() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU111702

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38065

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the orangefs_writepage_locked() and orangefs_writepages_work() functions in fs/orangefs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU111536

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38074

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU111460

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38078

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_pcm_buffer_access_unlock() function in sound/core/pcm_native.c, within the snd_pcm_oss_change_params_locked() function in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU111662

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38080

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/gpu/drm/amd/display/dc/inc/core_types.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU107697

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38152

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rproc_shutdown() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU107684

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39735

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU107683

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40014

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amd_set_spi_freq() function in drivers/spi/spi-amd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU107790

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40364

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the io_alloc_async_data() and io_req_prep_async() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-99.0.0.102

python3-perf: before 6.6.0-99.0.0.102

perf-debuginfo: before 6.6.0-99.0.0.102

perf: before 6.6.0-99.0.0.102

kernel-tools-devel: before 6.6.0-99.0.0.102

kernel-tools-debuginfo: before 6.6.0-99.0.0.102

kernel-tools: before 6.6.0-99.0.0.102

kernel-source: before 6.6.0-99.0.0.102

kernel-headers: before 6.6.0-99.0.0.102

kernel-devel: before 6.6.0-99.0.0.102

kernel-debugsource: before 6.6.0-99.0.0.102

kernel-debuginfo: before 6.6.0-99.0.0.102

bpftool-debuginfo: before 6.6.0-99.0.0.102

bpftool: before 6.6.0-99.0.0.102

kernel: before 6.6.0-99.0.0.102

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1730


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###