Anolis OS update for kernel:4.18



Risk Low
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2022-48919
CVE-2022-49395
CVE-2024-50301
CVE-2024-53064
CVE-2025-21764
CWE-ID CWE-416
CWE-125
CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Anolis OS
Operating systems & Components / Operating system

kernel-doc
Operating systems & Components / Operating system package or component

kernel-abi-stablelists
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-libs-devel
Operating systems & Components / Operating system package or component

kernel-tools-libs
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-modules-extra
Operating systems & Components / Operating system package or component

kernel-modules
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debug-modules-extra
Operating systems & Components / Operating system package or component

kernel-debug-modules
Operating systems & Components / Operating system package or component

kernel-debug-devel
Operating systems & Components / Operating system package or component

kernel-debug-core
Operating systems & Components / Operating system package or component

kernel-debug
Operating systems & Components / Operating system package or component

kernel-cross-headers
Operating systems & Components / Operating system package or component

kernel-core
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

Vendor OpenAnolis

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU96413

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48919

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cifs_do_mount() function in fs/cifs/cifsfs.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.58.1.0.1

kernel-abi-stablelists: before 4.18.0-553.58.1.0.1

python3-perf: before 4.18.0-553.58.1.0.1

perf: before 4.18.0-553.58.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.58.1.0.1

kernel-tools-libs: before 4.18.0-553.58.1.0.1

kernel-tools: before 4.18.0-553.58.1.0.1

kernel-modules-extra: before 4.18.0-553.58.1.0.1

kernel-modules: before 4.18.0-553.58.1.0.1

kernel-headers: before 4.18.0-553.58.1.0.1

kernel-devel: before 4.18.0-553.58.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.58.1.0.1

kernel-debug-modules: before 4.18.0-553.58.1.0.1

kernel-debug-devel: before 4.18.0-553.58.1.0.1

kernel-debug-core: before 4.18.0-553.58.1.0.1

kernel-debug: before 4.18.0-553.58.1.0.1

kernel-cross-headers: before 4.18.0-553.58.1.0.1

kernel-core: before 4.18.0-553.58.1.0.1

kernel: before 4.18.0-553.58.1.0.1

bpftool: before 4.18.0-553.58.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0406


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU104504

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49395

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_ldt_entry() function in arch/x86/um/ldt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.58.1.0.1

kernel-abi-stablelists: before 4.18.0-553.58.1.0.1

python3-perf: before 4.18.0-553.58.1.0.1

perf: before 4.18.0-553.58.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.58.1.0.1

kernel-tools-libs: before 4.18.0-553.58.1.0.1

kernel-tools: before 4.18.0-553.58.1.0.1

kernel-modules-extra: before 4.18.0-553.58.1.0.1

kernel-modules: before 4.18.0-553.58.1.0.1

kernel-headers: before 4.18.0-553.58.1.0.1

kernel-devel: before 4.18.0-553.58.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.58.1.0.1

kernel-debug-modules: before 4.18.0-553.58.1.0.1

kernel-debug-devel: before 4.18.0-553.58.1.0.1

kernel-debug-core: before 4.18.0-553.58.1.0.1

kernel-debug: before 4.18.0-553.58.1.0.1

kernel-cross-headers: before 4.18.0-553.58.1.0.1

kernel-core: before 4.18.0-553.58.1.0.1

kernel: before 4.18.0-553.58.1.0.1

bpftool: before 4.18.0-553.58.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0406


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU100622

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the security/keys/keyring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.58.1.0.1

kernel-abi-stablelists: before 4.18.0-553.58.1.0.1

python3-perf: before 4.18.0-553.58.1.0.1

perf: before 4.18.0-553.58.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.58.1.0.1

kernel-tools-libs: before 4.18.0-553.58.1.0.1

kernel-tools: before 4.18.0-553.58.1.0.1

kernel-modules-extra: before 4.18.0-553.58.1.0.1

kernel-modules: before 4.18.0-553.58.1.0.1

kernel-headers: before 4.18.0-553.58.1.0.1

kernel-devel: before 4.18.0-553.58.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.58.1.0.1

kernel-debug-modules: before 4.18.0-553.58.1.0.1

kernel-debug-devel: before 4.18.0-553.58.1.0.1

kernel-debug-core: before 4.18.0-553.58.1.0.1

kernel-debug: before 4.18.0-553.58.1.0.1

kernel-cross-headers: before 4.18.0-553.58.1.0.1

kernel-core: before 4.18.0-553.58.1.0.1

kernel: before 4.18.0-553.58.1.0.1

bpftool: before 4.18.0-553.58.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0406


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU100714

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53064

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the idpf_init_hard_reset() function in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.58.1.0.1

kernel-abi-stablelists: before 4.18.0-553.58.1.0.1

python3-perf: before 4.18.0-553.58.1.0.1

perf: before 4.18.0-553.58.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.58.1.0.1

kernel-tools-libs: before 4.18.0-553.58.1.0.1

kernel-tools: before 4.18.0-553.58.1.0.1

kernel-modules-extra: before 4.18.0-553.58.1.0.1

kernel-modules: before 4.18.0-553.58.1.0.1

kernel-headers: before 4.18.0-553.58.1.0.1

kernel-devel: before 4.18.0-553.58.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.58.1.0.1

kernel-debug-modules: before 4.18.0-553.58.1.0.1

kernel-debug-devel: before 4.18.0-553.58.1.0.1

kernel-debug-core: before 4.18.0-553.58.1.0.1

kernel-debug: before 4.18.0-553.58.1.0.1

kernel-cross-headers: before 4.18.0-553.58.1.0.1

kernel-core: before 4.18.0-553.58.1.0.1

kernel: before 4.18.0-553.58.1.0.1

bpftool: before 4.18.0-553.58.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0406


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU104950

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21764

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.58.1.0.1

kernel-abi-stablelists: before 4.18.0-553.58.1.0.1

python3-perf: before 4.18.0-553.58.1.0.1

perf: before 4.18.0-553.58.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.58.1.0.1

kernel-tools-libs: before 4.18.0-553.58.1.0.1

kernel-tools: before 4.18.0-553.58.1.0.1

kernel-modules-extra: before 4.18.0-553.58.1.0.1

kernel-modules: before 4.18.0-553.58.1.0.1

kernel-headers: before 4.18.0-553.58.1.0.1

kernel-devel: before 4.18.0-553.58.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.58.1.0.1

kernel-debug-modules: before 4.18.0-553.58.1.0.1

kernel-debug-devel: before 4.18.0-553.58.1.0.1

kernel-debug-core: before 4.18.0-553.58.1.0.1

kernel-debug: before 4.18.0-553.58.1.0.1

kernel-cross-headers: before 4.18.0-553.58.1.0.1

kernel-core: before 4.18.0-553.58.1.0.1

kernel: before 4.18.0-553.58.1.0.1

bpftool: before 4.18.0-553.58.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0406


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###