openEuler 24.03 LTS SP2 update for kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 60
CVE-ID: CVE-2024-47732
CVE-2025-21861
CVE-2025-21996
CVE-2025-22033
CVE-2025-22101
CVE-2025-22108
CVE-2025-23141
CVE-2025-23149
CVE-2025-37739
CVE-2025-37784
CVE-2025-37808
CVE-2025-37810
CVE-2025-37842
CVE-2025-37849
CVE-2025-37854
CVE-2025-37887
CVE-2025-37930
CVE-2025-37933
CVE-2025-37937
CVE-2025-37948
CVE-2025-37951
CVE-2025-37963
CVE-2025-37968
CVE-2025-37984
CVE-2025-37991
CVE-2025-38007
CVE-2025-38023
CVE-2025-38034
CVE-2025-38060
CVE-2025-38065
CVE-2025-38067
CVE-2025-38072
CVE-2025-38074
CVE-2025-38078
CVE-2025-38080
CVE-2025-38081
CVE-2025-38090
CVE-2025-38094
CVE-2025-38095
CVE-2025-38099
CVE-2025-38108
CVE-2025-38118
CVE-2025-38142
CVE-2025-38146
CVE-2025-38152
CVE-2025-38159
CVE-2025-38163
CVE-2025-38170
CVE-2025-38182
CVE-2025-38195
CVE-2025-38197
CVE-2025-38202
CVE-2025-38229
CVE-2025-38279
CVE-2025-38280
CVE-2025-38320
CVE-2025-38322
CVE-2025-38346
CVE-2025-39735
CVE-2025-40014
CWE-ID: CWE-416
CWE-399
CWE-908
CWE-476
CWE-20
CWE-667
CWE-388
CWE-125
CWE-401
CWE-119
CWE-369
CWE-190
CWE-835
CWE-682
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:

openEuler (Operating systems & Components / Operating system)

Operating systems & Components / Operating system package or component:
python3-perf-debuginfo
python3-perf
perf-debuginfo
perf
kernel-tools-devel
kernel-tools-debuginfo
kernel-tools
kernel-source
kernel-headers
kernel-extra-modules
kernel-devel
kernel-debugsource
kernel-debuginfo
bpftool-debuginfo
bpftool
kernel

Vendor: openEuler

Security Bulletin

This security bulletin contains information about 60 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU98887

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47732

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the remove_device_compression_modes() function in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU105674

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21861

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the migrate_device_finalize() function in mm/migrate_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of uninitialized resource

EUVDB-ID: #VU106963

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21996

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the radeon_vce_cs_parse() function in drivers/gpu/drm/radeon/radeon_vce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU107720

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22033

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the do_compat_alignment_fixup() function in arch/arm64/kernel/compat_alignment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU107802

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22101

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the wx_tx_csum() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU107800

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22108

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bnxt_xmit_bd() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, and within the bnxt_start_xmit() and dma_unmap_addr_set() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper locking

EUVDB-ID: #VU108317

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23141

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kvm_arch_vcpu_ioctl_get_mpstate() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper error handling

EUVDB-ID: #VU108336

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23149

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the tpm_get_random() function in drivers/char/tpm/tpm-interface.c, and within the tpm_try_get_ops() function in drivers/char/tpm/tpm-chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU108257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37739

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the f2fs_truncate_inode_blocks() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU108291

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37784

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the icss_iep_perout_enable_hw() and icss_iep_perout_enable() functions in drivers/net/ethernet/ti/icssg/icss_iep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU108820

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37808

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the DEFINE_MUTEX(), MODULE_ALIAS_CRYPTO() and EXPORT_SYMBOL_GPL() functions in crypto/crypto_null.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU108791

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37810

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dwc3_check_event_buf() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU108892

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37842

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the fsl_qspi_cleanup(), fsl_qspi_probe(), fsl_qspi_remove() and module_platform_driver() functions in drivers/spi/spi-fsl-qspi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU108853

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37849

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the kvm_arch_vcpu_create() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU108873

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37854

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kfd_process_remove_sysfs() and kfd_process_wq_release() functions in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU108891

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37887

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the pdsc_dl_info_get() function in drivers/net/ethernet/amd/pds_core/devlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Resource management error

EUVDB-ID: #VU109571

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37930

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU109584

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37933

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the octep_hb_timeout_task() function in drivers/net/ethernet/marvell/octeon_ep/octep_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Division by zero

EUVDB-ID: #VU109556

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37937

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the dib8000_set_dds() function in drivers/media/dvb-frontends/dib8000.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU109581

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, and within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU109495

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37951

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the v3d_gpu_reset_for_timeout(), v3d_cl_job_timedout() and v3d_csd_job_timedout() functions in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU109582

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the build_bhb_mitigation() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU109529

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37968

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the opt3001_irq() function in drivers/iio/light/opt3001.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Integer overflow

EUVDB-ID: #VU109553

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37984

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the ecdsa_x962_verify() function in crypto/ecdsa-x962.c, within the ecdsa_p1363_verify() function in crypto/ecdsa-p1363.c, and within the EXPORT_SYMBOL() function in crypto/ecc.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper error handling

EUVDB-ID: #VU109546

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37991

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the handle_fpe() function in arch/parisc/math-emu/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU111563

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38007

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the uclogic_input_configured() function in drivers/hid/hid-uclogic-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU111469

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38023

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfs4_alloc_unlockdata() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU111557

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38034

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Infinite loop

EUVDB-ID: #VU111643

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38060

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the copy_verifier_state() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU111702

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38065

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the orangefs_writepage_locked() and orangefs_writepages_work() functions in fs/orangefs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Input validation error

EUVDB-ID: #VU111703

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38067

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rseq_get_rseq_cs_ptr_val(), rseq_get_rseq_cs(), rseq_need_restart(), clear_rseq_cs(), rseq_ip_fixup() and SYSCALL_DEFINE4() functions in kernel/rseq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Division by zero

EUVDB-ID: #VU111639

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38072

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the nd_label_data_init() function in drivers/nvdimm/label.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU111536

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38074

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU111460

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38078

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_pcm_buffer_access_unlock() function in sound/core/pcm_native.c, and within the snd_pcm_oss_change_params_locked() function in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Buffer overflow

EUVDB-ID: #VU111662

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38080

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption in drivers/gpu/drm/amd/display/dc/inc/core_types.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU111491

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38081

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rockchip_spi_config() function in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Buffer overflow

EUVDB-ID: #VU112123

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38090

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the riocm_ch_send() function in drivers/rapidio/rio_cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU112240

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38094

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the macb_update_stats() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) NULL pointer dereference

EUVDB-ID: #VU112221

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dma_resv_add_fence() function in drivers/dma-buf/dma-resv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU112223

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38099

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_cc_read_buffer_size() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU112225

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38108

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __red_change() function in net/sched/sch_red.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU112183

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38118

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mgmt_adv_monitor_added(), __add_adv_patterns_monitor(), mgmt_remove_adv_monitor_complete() and remove_adv_monitor() functions in net/bluetooth/mgmt.c and within the hci_free_adv_monitor() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Input validation error

EUVDB-ID: #VU112267

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38142

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the asus_ec_hwmon_read_string() function in drivers/hwmon/asus-ec-sensors.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU112197

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38146

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) NULL pointer dereference

EUVDB-ID: #VU107697

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38152

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rproc_shutdown() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

EUVDB-ID: #VU112199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38159

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtw_coex_tdma_timer_base() function in drivers/net/wireless/realtek/rtw88/coex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU112241

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38163

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Resource management error

EUVDB-ID: #VU112256

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38170

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the do_sme_acc() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Input validation error

EUVDB-ID: #VU112314

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38182

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper error handling

EUVDB-ID: #VU112317

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38195

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the huge_pte_offset() function in arch/loongarch/mm/hugetlbpage.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU112306

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38197

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the packet_read_list() and packet_empty_list() functions in drivers/platform/x86/dell/dell_rbu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Resource management error

EUVDB-ID: #VU112328

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38202

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the BPF_CALL_3() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use of uninitialized resource

EUVDB-ID: #VU112321

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38229

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the cxusb_gpio_tuner() function in drivers/media/usb/dvb-usb/cxusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Resource management error

EUVDB-ID: #VU112834

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38279

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the backtrack_insn() and check_cond_jmp_op() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Resource management error

EUVDB-ID: #VU112835

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38280

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Incorrect calculation

EUVDB-ID: #VU112838

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38320

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the regs_get_kernel_stack_nth() function in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper locking

EUVDB-ID: #VU112786

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38322

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the intel_pmu_read_event() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU112745

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38346

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ftrace_release_mod() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU107684

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-39735

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ea_get() function in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds read

EUVDB-ID: #VU107683

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-40014

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amd_set_spi_freq() function in drivers/spi/spi-amd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP2

python3-perf-debuginfo: before 6.6.0-101.0.0.107

python3-perf: before 6.6.0-101.0.0.107

perf-debuginfo: before 6.6.0-101.0.0.107

perf: before 6.6.0-101.0.0.107

kernel-tools-devel: before 6.6.0-101.0.0.107

kernel-tools-debuginfo: before 6.6.0-101.0.0.107

kernel-tools: before 6.6.0-101.0.0.107

kernel-source: before 6.6.0-101.0.0.107

kernel-headers: before 6.6.0-101.0.0.107

kernel-extra-modules: before 6.6.0-101.0.0.107

kernel-devel: before 6.6.0-101.0.0.107

kernel-debugsource: before 6.6.0-101.0.0.107

kernel-debuginfo: before 6.6.0-101.0.0.107

bpftool-debuginfo: before 6.6.0-101.0.0.107

bpftool: before 6.6.0-101.0.0.107

kernel: before 6.6.0-101.0.0.107

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1870


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


