SB2025071868 - openEuler 24.03 LTS update for kernel

Main Vulnerability Database SB2025071868

SB2025071868 - openEuler 24.03 LTS update for kernel

Published: July 18, 2025

Security Bulletin ID SB2025071868

Severity

Low

Patch available

YES

Number of vulnerabilities 20

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 20 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2025-21702)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2025-21703)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the net/sched/sch_netem.c. A local user can escalate privileges on the system.

3) Improper locking (CVE-ID: CVE-2025-21875)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mptcp_nl_remove_subflow_and_signal_addr() function in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

4) Memory leak (CVE-ID: CVE-2025-21920)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vlan_check_real_dev() function in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.

5) Improper error handling (CVE-ID: CVE-2025-21926)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2025-21936)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mgmt_device_connected() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.

7) NULL pointer dereference (CVE-ID: CVE-2025-21937)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mgmt_remote_name() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2025-21938)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __mptcp_pm_release_addr_entry(), mptcp_pm_nl_append_new_local_addr(), mptcp_pm_nl_get_local_id() and mptcp_pm_nl_add_addr_doit() functions in net/mptcp/pm_netlink.c. A local user can perform a denial of service (DoS) attack.

9) Input validation error (CVE-ID: CVE-2025-22101)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the wx_tx_csum() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.

10) Input validation error (CVE-ID: CVE-2025-22108)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bnxt_xmit_bd() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_start_xmit() and dma_unmap_addr_set() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.

11) Out-of-bounds read (CVE-ID: CVE-2025-37810)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dwc3_check_event_buf() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.

12) NULL pointer dereference (CVE-ID: CVE-2025-38197)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the packet_read_list() and packet_empty_list() functions in drivers/platform/x86/dell/dell_rbu.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2025-38212)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the shm_try_destroy_orphaned() function in ipc/shm.c. A local user can escalate privileges on the system.

14) Use of uninitialized resource (CVE-ID: CVE-2025-38229)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the cxusb_gpio_tuner() function in drivers/media/usb/dvb-usb/cxusb.c. A local user can perform a denial of service (DoS) attack.

15) Resource management error (CVE-ID: CVE-2025-38279)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the backtrack_insn() and check_cond_jmp_op() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

16) Resource management error (CVE-ID: CVE-2025-38280)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

17) Resource management error (CVE-ID: CVE-2025-38285)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the get_bpf_raw_tp_regs() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.

18) Incorrect calculation (CVE-ID: CVE-2025-38320)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the regs_get_kernel_stack_nth() function in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.

19) Improper locking (CVE-ID: CVE-2025-38322)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the intel_pmu_read_event() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

20) Use-after-free (CVE-ID: CVE-2025-38346)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ftrace_release_mod() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1874

Vulnerable Software

openEuler: 24.03 LTS
python3-perf-debuginfo: before 6.6.0-101.0.0.93
python3-perf: before 6.6.0-101.0.0.93
perf-debuginfo: before 6.6.0-101.0.0.93
perf: before 6.6.0-101.0.0.93
kernel-tools-devel: before 6.6.0-101.0.0.93
kernel-tools-debuginfo: before 6.6.0-101.0.0.93
kernel-tools: before 6.6.0-101.0.0.93
kernel-source: before 6.6.0-101.0.0.93
kernel-headers: before 6.6.0-101.0.0.93
kernel-devel: before 6.6.0-101.0.0.93
kernel-debugsource: before 6.6.0-101.0.0.93
kernel-debuginfo: before 6.6.0-101.0.0.93
bpftool-debuginfo: before 6.6.0-101.0.0.93
bpftool: before 6.6.0-101.0.0.93
kernel: before 6.6.0-101.0.0.93