openEuler 20.03 LTS SP4 update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 42
CVE-ID: CVE-2022-49862, CVE-2022-49871, CVE-2022-49881, CVE-2022-49907, CVE-2022-49918, CVE-2022-49921, CVE-2022-49934, CVE-2022-49938, CVE-2022-49942, CVE-2022-49948, CVE-2022-49964, CVE-2022-49969, CVE-2022-49986, CVE-2022-49987, CVE-2022-49989, CVE-2022-50022, CVE-2022-50033, CVE-2022-50053, CVE-2022-50066, CVE-2022-50084, CVE-2022-50085, CVE-2022-50087, CVE-2022-50098, CVE-2022-50103, CVE-2022-50127, CVE-2022-50134, CVE-2022-50160, CVE-2022-50185, CVE-2022-50191, CVE-2022-50202, CVE-2022-50211, CVE-2022-50220, CVE-2022-50228, CVE-2022-50229, CVE-2023-3090, CVE-2023-53109, CVE-2025-37911, CVE-2025-37932, CVE-2025-38023, CVE-2025-38024, CVE-2025-38063, CVE-2025-38079
CWE-ID: CWE-908, CWE-401, CWE-125, CWE-667, CWE-416, CWE-388, CWE-399, CWE-191, CWE-20, CWE-476, CWE-835, CWE-119, CWE-787
Exploitation vector: Local
Public exploit: N/A
Vulnerable software

openEuler (Operating systems & Components / Operating system)

The following are all in the category Operating systems & Components / Operating system package or component:

python3-perf-debuginfo
python3-perf
python2-perf-debuginfo
python2-perf
perf-debuginfo
perf
kernel-tools-devel
kernel-tools-debuginfo
kernel-tools
kernel-source
kernel-devel
kernel-debugsource
kernel-debuginfo
bpftool-debuginfo
bpftool
kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 42 vulnerabilities.

1) Use of uninitialized resource

EUVDB-ID: #VU108337

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49862

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the iforce_init_device() function in drivers/input/joystick/iforce/iforce-main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU108143

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the local_bh_disable() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU108138

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49881

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the regdb_fw_cb() and query_regdb_file() functions in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU108252

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49907

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU108309

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49918

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ip_vs_conn_net_init() function in net/netfilter/ipvs/ip_vs_conn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU108219

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49921

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the red_enqueue() function in net/sched/sch_red.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU111444

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49934

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ieee80211_scan_completed() function in net/mac80211/scan.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU111400

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49938

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the SMB2_negotiate() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper error handling

EUVDB-ID: #VU111611

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49942

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ieee80211_ibss_finish_csa() function in net/mac80211/ibss.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU111486

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49948

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the con_font_set() and con_font_default() functions in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU111665

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49964

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ci_leaf_init() and init_cache_level() functions in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Integer underflow

EUVDB-ID: #VU111624

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49969

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the optc1_enable_optc_clock() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_optc.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU111447

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49986

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the storvsc_probe() function in drivers/scsi/storvsc_drv.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU111697

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49987

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the md_stop() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU111539

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49989

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lock_pages() and privcmd_ioctl_dm_op() functions in drivers/xen/privcmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU111457

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50022

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid5_end_write_request() function in drivers/md/raid5.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU111376

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50033

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ohci_hcd_ppc_of_probe() function in drivers/usb/host/ohci-ppc-of.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU111593

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50053

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU111481

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50066

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the aq_nic_service_timer_cb(), aq_nic_get_regs_count(), aq_nic_get_stats(), aq_nic_set_loopback() and aq_nic_stop() functions in drivers/net/ethernet/aquantia/atlantic/aq_nic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU111479

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50084

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the raid_status() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Infinite loop

EUVDB-ID: #VU111641

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50085

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the attempt_restore_of_faulty_devices() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU111421

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50087

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the scpi_init_versions() and scpi_probe() functions in drivers/firmware/arm_scpi.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU111579

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50098

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qla2xxx_eh_abort(), qla2x00_eh_wait_for_pending_commands(), qla2xxx_eh_device_reset() and qla2xxx_eh_target_reset() functions in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU111477

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50103

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cpuset_cpumask_can_shrink() and task_can_attach() functions in kernel/sched/core.c, and within the cpuset_can_attach() function in kernel/cgroup/cpuset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU111575

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50127

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rxe_qp_init_misc(), rxe_qp_init_req() and rxe_qp_init_resp() functions in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Memory leak

EUVDB-ID: #VU111294

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50134

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the setup_base_ctxt() function in drivers/infiniband/hw/hfi1/file_ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU111279

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50160

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ap_flash_init() function in drivers/mtd/maps/physmap-versatile.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU111635

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50185

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ni_set_mc_special_registers() function in drivers/gpu/drm/radeon/ni_dpm.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory leak

EUVDB-ID: #VU111363

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50191

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the of_get_regulation_constraints() function in drivers/regulator/of_regulator.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU111567

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50202

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snapshot_open(), snapshot_write() and snapshot_ioctl() functions in kernel/power/user.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU111433

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50211

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid10_remove_disk() function in drivers/md/raid10.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU111440

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50220

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within drivers/net/usb/usbnet.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper error handling

EUVDB-ID: #VU111619

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50228

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the svm_set_irq() function in arch/x86/kvm/svm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU111441

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50229

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bcd2000_init_midi() function in sound/usb/bcd2000/bcd2000.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds write

EUVDB-ID: #VU78010

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3090

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ipvlan network driver in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU108480

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53109

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the LL_RESERVED_SPACE() function in net/ipv6/ip6_tunnel.c, and within the ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU109514

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37911

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU109572

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37932

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the htb_qlen_notify() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU111469

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38023

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_alloc_unlockdata() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU111468

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38024

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rxe_cq_from_init() function in drivers/infiniband/sw/rxe/rxe_cq.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU111600

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38063

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU111459

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38079

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

python3-perf-debuginfo: before 4.19.90-2507.2.0.0335

python3-perf: before 4.19.90-2507.2.0.0335

python2-perf-debuginfo: before 4.19.90-2507.2.0.0335

python2-perf: before 4.19.90-2507.2.0.0335

perf-debuginfo: before 4.19.90-2507.2.0.0335

perf: before 4.19.90-2507.2.0.0335

kernel-tools-devel: before 4.19.90-2507.2.0.0335

kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335

kernel-tools: before 4.19.90-2507.2.0.0335

kernel-source: before 4.19.90-2507.2.0.0335

kernel-devel: before 4.19.90-2507.2.0.0335

kernel-debugsource: before 4.19.90-2507.2.0.0335

kernel-debuginfo: before 4.19.90-2507.2.0.0335

bpftool-debuginfo: before 4.19.90-2507.2.0.0335

bpftool: before 4.19.90-2507.2.0.0335

kernel: before 4.19.90-2507.2.0.0335

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


