SB2025080155 - openEuler 24.03 LTS SP2 update for kernel

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2025-21992)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2025-38015)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the idxd_alloc() function in drivers/dma/idxd/init.c. A local user can perform a denial of service (DoS) attack.

3) NULL pointer dereference (CVE-ID: CVE-2025-38035)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_restore_socket_callbacks() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

4) Memory leak (CVE-ID: CVE-2025-38190)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the atm_pop_raw() function in net/atm/raw.c, within the vcc_sendmsg() function in net/atm/common.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2025-38198)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fbcon_info_from_console() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.

6) Integer underflow (CVE-ID: CVE-2025-38200)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the i40e_pf_reset() function in drivers/net/ethernet/intel/i40e/i40e_common.c. A local user can execute arbitrary code.

7) NULL pointer dereference (CVE-ID: CVE-2025-38210)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the DECLARE_RWSEM(), tsm_report_privlevel_store(), tsm_report_privlevel_floor_show(), CONFIGFS_ATTR_RO(), tsm_report_read(), tsm_report_make_item(), tsm_register() and tsm_unregister() functions in drivers/virt/coco/tsm.c. A local user can perform a denial of service (DoS) attack.

8) Infinite loop (CVE-ID: CVE-2025-38264)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the nvme_tcp_fetch_request(), nvme_tcp_init_request(), nvme_tcp_handle_r2t() and nvme_tcp_submit_async_event() functions in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2025-38324)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mpls_route_input_rcu() function in net/mpls/af_mpls.c. A local user can perform a denial of service (DoS) attack.

10) Out-of-bounds read (CVE-ID: CVE-2025-38391)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the pin_assignment_show() function in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1928