Main Vulnerability Database SB20250711142

SB20250711142 - openEuler 20.03 LTS SP4 update for kernel

Published: July 11, 2025

Security Bulletin ID SB20250711142

Severity

Low

Patch available

YES

Number of vulnerabilities 42

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 42 secuirty vulnerabilities.

1) Use of uninitialized resource (CVE-ID: CVE-2022-49862)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the iforce_init_device() function in drivers/input/joystick/iforce/iforce-main.c. A local user can perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2022-49871)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the local_bh_disable() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

3) Memory leak (CVE-ID: CVE-2022-49881)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the regdb_fw_cb() and query_regdb_file() functions in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.

4) Out-of-bounds read (CVE-ID: CVE-2022-49907)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

5) Improper locking (CVE-ID: CVE-2022-49918)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ip_vs_conn_net_init() function in net/netfilter/ipvs/ip_vs_conn.c. A local user can perform a denial of service (DoS) attack.

6) Use-after-free (CVE-ID: CVE-2022-49921)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the red_enqueue() function in net/sched/sch_red.c. A local user can escalate privileges on the system.

7) Use-after-free (CVE-ID: CVE-2022-49934)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ieee80211_scan_completed() function in net/mac80211/scan.c. A local user can escalate privileges on the system.

8) Memory leak (CVE-ID: CVE-2022-49938)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the SMB2_negotiate() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

9) Improper error handling (CVE-ID: CVE-2022-49942)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ieee80211_ibss_finish_csa() function in net/mac80211/ibss.c. A local user can perform a denial of service (DoS) attack.

10) Out-of-bounds read (CVE-ID: CVE-2022-49948)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the con_font_set() and con_font_default() functions in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

11) Resource management error (CVE-ID: CVE-2022-49964)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ci_leaf_init() and init_cache_level() functions in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.

12) Integer underflow (CVE-ID: CVE-2022-49969)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the optc1_enable_optc_clock() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_optc.c. A local user can execute arbitrary code.

13) Use-after-free (CVE-ID: CVE-2022-49986)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the storvsc_probe() function in drivers/scsi/storvsc_drv.c. A local user can escalate privileges on the system.

14) Input validation error (CVE-ID: CVE-2022-49987)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the md_stop() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

15) NULL pointer dereference (CVE-ID: CVE-2022-49989)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lock_pages() and privcmd_ioctl_dm_op() functions in drivers/xen/privcmd.c. A local user can perform a denial of service (DoS) attack.

16) Use-after-free (CVE-ID: CVE-2022-50022)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid5_end_write_request() function in drivers/md/raid5.c. A local user can escalate privileges on the system.

17) Memory leak (CVE-ID: CVE-2022-50033)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ohci_hcd_ppc_of_probe() function in drivers/usb/host/ohci-ppc-of.c. A local user can perform a denial of service (DoS) attack.

18) Improper locking (CVE-ID: CVE-2022-50053)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.

19) Out-of-bounds read (CVE-ID: CVE-2022-50066)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the aq_nic_service_timer_cb(), aq_nic_get_regs_count(), aq_nic_get_stats(), aq_nic_set_loopback() and aq_nic_stop() functions in drivers/net/ethernet/aquantia/atlantic/aq_nic.c. A local user can perform a denial of service (DoS) attack.

20) Out-of-bounds read (CVE-ID: CVE-2022-50084)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the raid_status() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

21) Infinite loop (CVE-ID: CVE-2022-50085)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the attempt_restore_of_faulty_devices() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

22) Use-after-free (CVE-ID: CVE-2022-50087)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the scpi_init_versions() and scpi_probe() functions in drivers/firmware/arm_scpi.c. A local user can escalate privileges on the system.

23) Improper locking (CVE-ID: CVE-2022-50098)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qla2xxx_eh_abort(), qla2x00_eh_wait_for_pending_commands(), qla2xxx_eh_device_reset() and qla2xxx_eh_target_reset() functions in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

24) Out-of-bounds read (CVE-ID: CVE-2022-50103)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cpuset_cpumask_can_shrink() and task_can_attach() functions in kernel/sched/core.c, within the cpuset_can_attach() function in kernel/cgroup/cpuset.c. A local user can perform a denial of service (DoS) attack.

25) Improper locking (CVE-ID: CVE-2022-50127)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rxe_qp_init_misc(), rxe_qp_init_req() and rxe_qp_init_resp() functions in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can perform a denial of service (DoS) attack.

26) Memory leak (CVE-ID: CVE-2022-50134)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the setup_base_ctxt() function in drivers/infiniband/hw/hfi1/file_ops.c. A local user can perform a denial of service (DoS) attack.

27) Memory leak (CVE-ID: CVE-2022-50160)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ap_flash_init() function in drivers/mtd/maps/physmap-versatile.c. A local user can perform a denial of service (DoS) attack.

28) Buffer overflow (CVE-ID: CVE-2022-50185)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ni_set_mc_special_registers() function in drivers/gpu/drm/radeon/ni_dpm.c. A local user can escalate privileges on the system.

29) Memory leak (CVE-ID: CVE-2022-50191)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the of_get_regulation_constraints() function in drivers/regulator/of_regulator.c. A local user can perform a denial of service (DoS) attack.

30) Improper locking (CVE-ID: CVE-2022-50202)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snapshot_open(), snapshot_write() and snapshot_ioctl() functions in kernel/power/user.c. A local user can perform a denial of service (DoS) attack.

31) Use-after-free (CVE-ID: CVE-2022-50211)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid10_remove_disk() function in drivers/md/raid10.c. A local user can escalate privileges on the system.

32) Use-after-free (CVE-ID: CVE-2022-50220)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drivers/net/usb/usbnet.c. A local user can escalate privileges on the system.

33) Improper error handling (CVE-ID: CVE-2022-50228)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the svm_set_irq() function in arch/x86/kvm/svm.c. A local user can perform a denial of service (DoS) attack.

34) Use-after-free (CVE-ID: CVE-2022-50229)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bcd2000_init_midi() function in sound/usb/bcd2000/bcd2000.c. A local user can escalate privileges on the system.

35) Out-of-bounds write (CVE-ID: CVE-2023-3090)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ipvlan network driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

36) Improper locking (CVE-ID: CVE-2023-53109)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the LL_RESERVED_SPACE() function in net/ipv6/ip6_tunnel.c, within the ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can perform a denial of service (DoS) attack.

37) Out-of-bounds read (CVE-ID: CVE-2025-37911)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.

38) Resource management error (CVE-ID: CVE-2025-37932)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the htb_qlen_notify() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.

39) Use-after-free (CVE-ID: CVE-2025-38023)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_alloc_unlockdata() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

40) Use-after-free (CVE-ID: CVE-2025-38024)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rxe_cq_from_init() function in drivers/infiniband/sw/rxe/rxe_cq.c. A local user can escalate privileges on the system.

41) Improper locking (CVE-ID: CVE-2025-38063)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

42) Use-after-free (CVE-ID: CVE-2025-38079)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1820

Vulnerable Software

openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2507.2.0.0335
python3-perf: before 4.19.90-2507.2.0.0335
python2-perf-debuginfo: before 4.19.90-2507.2.0.0335
python2-perf: before 4.19.90-2507.2.0.0335
perf-debuginfo: before 4.19.90-2507.2.0.0335
perf: before 4.19.90-2507.2.0.0335
kernel-tools-devel: before 4.19.90-2507.2.0.0335
kernel-tools-debuginfo: before 4.19.90-2507.2.0.0335
kernel-tools: before 4.19.90-2507.2.0.0335
kernel-source: before 4.19.90-2507.2.0.0335
kernel-devel: before 4.19.90-2507.2.0.0335
kernel-debugsource: before 4.19.90-2507.2.0.0335
kernel-debuginfo: before 4.19.90-2507.2.0.0335
bpftool-debuginfo: before 4.19.90-2507.2.0.0335
bpftool: before 4.19.90-2507.2.0.0335
kernel: before 4.19.90-2507.2.0.0335

SB20250711142 - openEuler 20.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human