SB2025081162 - openEuler 22.03 LTS SP3 update for kernel
Published: August 11, 2025 Updated: September 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 23 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2022-49183)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_ct_skb_nfct_cached() function in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.
2) Improper locking (CVE-ID: CVE-2022-49420)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the compute_score() and __udp_v6_is_mcast_sock() functions in net/ipv6/udp.c, within the WRITE_ONCE() and ip6_datagram_send_ctl() functions in net/ipv6/datagram.c. A local user can perform a denial of service (DoS) attack.
3) Out-of-bounds read (CVE-ID: CVE-2023-39179)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling SMB2 read requests in ksmbd. A remote attacker can send specially crafted request to ksmbd, trigger an out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2023-4458)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when parsing extended attributes within the smb2_open() function in ksmbd. A remote non-authenticated attacker can send specially crafted requests to the daemon, trigger an out-of-bounds read error and read contents of memory on the system.
5) Use-after-free (CVE-ID: CVE-2024-57798)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_dp_mst_up_req_work() and drm_dp_mst_handle_up_req() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can escalate privileges on the system.
6) Out-of-bounds read (CVE-ID: CVE-2025-21692)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.
7) Use-after-free (CVE-ID: CVE-2025-21700)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
8) Resource management error (CVE-ID: CVE-2025-21702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
9) Use of uninitialized resource (CVE-ID: CVE-2025-21891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ipvlan_addr_lookup() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
10) Improper locking (CVE-ID: CVE-2025-38063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2025-38125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.
12) Improper error handling (CVE-ID: CVE-2025-38181)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the calipso_req_setattr() and calipso_req_delattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
13) Improper error handling (CVE-ID: CVE-2025-38222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
14) Buffer overflow (CVE-ID: CVE-2025-38332)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lpfc_sli4_get_ctl_attr() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can escalate privileges on the system.
15) NULL pointer dereference (CVE-ID: CVE-2025-38362)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_enable_encryption() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2025-38371)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_hub_irq(), v3d_irq_init() and v3d_irq_disable() functions in drivers/gpu/drm/v3d/v3d_irq.c, within the v3d_reset() function in drivers/gpu/drm/v3d/v3d_gem.c. A local user can perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2025-38386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
18) NULL pointer dereference (CVE-ID: CVE-2025-38387)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subscribe_event_xa_alloc() function in drivers/infiniband/hw/mlx5/devx.c. A local user can perform a denial of service (DoS) attack.
19) Memory leak (CVE-ID: CVE-2025-38400)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
20) Buffer overflow (CVE-ID: CVE-2025-38424)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the do_exit() function in kernel/exit.c, within the perf_sample_ustack_size() and perf_callchain() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
21) Resource management error (CVE-ID: CVE-2025-38439)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
22) Input validation error (CVE-ID: CVE-2025-38474)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sierra_net_bind() function in drivers/net/usb/sierra_net.c. A local user can perform a denial of service (DoS) attack.
23) Improper privilege management (CVE-ID: CVE-2025-38498)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.
Remediation
Install update from vendor's website.