SB20250704136 - openEuler 24.03 LTS SP1 update for kernel
Published: July 4, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 24 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2024-47732)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the remove_device_compression_modes() function in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can escalate privileges on the system.
2) Buffer overflow (CVE-ID: CVE-2024-58085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tomoyo_write_control() function in security/tomoyo/common.c. A local user can perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2025-21854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_map_sk_state_allowed() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
4) Resource management error (CVE-ID: CVE-2025-21861)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the migrate_device_finalize() function in mm/migrate_device.c. A local user can perform a denial of service (DoS) attack.
5) Improper locking (CVE-ID: CVE-2025-21944)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfs_lock_file() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
6) Use of uninitialized resource (CVE-ID: CVE-2025-21996)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the radeon_vce_cs_parse() function in drivers/gpu/drm/radeon/radeon_vce.c. A local user can perform a denial of service (DoS) attack.
7) Improper error handling (CVE-ID: CVE-2025-23149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tpm_get_random() function in drivers/char/tpm/tpm-interface.c, within the tpm_try_get_ops() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2025-37849)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kvm_arch_vcpu_create() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.
9) Resource management error (CVE-ID: CVE-2025-37930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.
10) Division by zero (CVE-ID: CVE-2025-37937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the dib8000_set_dds() function in drivers/media/dvb-frontends/dib8000.c. A local user can perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2025-37948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2025-37963)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_bhb_mitigation() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
13) NULL pointer dereference (CVE-ID: CVE-2025-38007)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uclogic_input_configured() function in drivers/hid/hid-uclogic-core.c. A local user can perform a denial of service (DoS) attack.
14) Memory leak (CVE-ID: CVE-2025-38031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the padata_reorder() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2025-38034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.
16) Infinite loop (CVE-ID: CVE-2025-38060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the copy_verifier_state() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2025-38065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the orangefs_writepage_locked() and orangefs_writepages_work() functions in fs/orangefs/inode.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2025-38074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
19) Use-after-free (CVE-ID: CVE-2025-38078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_pcm_buffer_access_unlock() function in sound/core/pcm_native.c, within the snd_pcm_oss_change_params_locked() function in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
20) Buffer overflow (CVE-ID: CVE-2025-38080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/amd/display/dc/inc/core_types.h. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2025-38152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rproc_shutdown() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2025-39735)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
23) Out-of-bounds read (CVE-ID: CVE-2025-40014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amd_set_spi_freq() function in drivers/spi/spi-amd.c. A local user can perform a denial of service (DoS) attack.
24) Buffer overflow (CVE-ID: CVE-2025-40364)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the io_alloc_async_data() and io_req_prep_async() functions in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.