SB2025081163 - openEuler 24.03 LTS SP2 update for kernel
Published: August 11, 2025
Description
This security bulletin contains information about 39 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2024-57982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xfrm_state_deref_prot(), xfrm_dst_hash(), xfrm_src_hash(), xfrm_spi_hash(), xfrm_init_tempstate(), __xfrm_state_lookup_all(), xfrm_input_state_lookup(), EXPORT_SYMBOL(), __xfrm_state_lookup_byaddr(), xfrm_state_find(), xfrm_state_lookup() and xfrm_state_lookup_byaddr() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2025-21682)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bnxt_xdp_set() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c, within the bnxt_set_ring_params(), bnxt_set_rx_skb_mode() and bnxt_init_one() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
3) Resource management error (CVE-ID: CVE-2025-21884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c, within the smc_create_clcsk() function in net/smc/af_smc.c, within the rds_tcp_tune() function in net/rds/tcp.c, within the netlink_release() function in net/netlink/af_netlink.c, within the mptcp_subflow_create_socket() function in net/mptcp/subflow.c, within the sk_alloc(), EXPORT_SYMBOL(), __sk_destruct() and sk_clone_lock() functions in net/core/sock.c. A local user can perform a denial of service (DoS) attack.
4) Use of uninitialized resource (CVE-ID: CVE-2025-21891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ipvlan_addr_lookup() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2025-37957)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shutdown_interception() function in arch/x86/kvm/svm/svm.c, within the kvm_smm_changed() function in arch/x86/kvm/smm.c. A local user can escalate privileges on the system.
6) NULL pointer dereference (CVE-ID: CVE-2025-37992)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_change() function in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2025-38040)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32_usart_enable_ms() function in drivers/tty/serial/stm32-usart.c, within the sci_shutdown() function in drivers/tty/serial/sh-sci.c, within the mctrl_gpio_enable_ms() and mctrl_gpio_disable_ms() functions in drivers/tty/serial/serial_mctrl_gpio.c, within the imx_uart_shutdown() function in drivers/tty/serial/imx.c, within the atmel_disable_ms() function in drivers/tty/serial/atmel_serial.c, within the serial8250_disable_ms() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
8) Race condition within a thread (CVE-ID: CVE-2025-38048)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the virtqueue_enable_cb_delayed() function in drivers/virtio/virtio_ring.c. A local user can corrupt data.
9) Improper locking (CVE-ID: CVE-2025-38063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2025-38125)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2025-38135)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlb_usio_probe() function in drivers/tty/serial/milbeaut_usio.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2025-38145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() function in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
13) Improper error handling (CVE-ID: CVE-2025-38181)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the calipso_req_setattr() and calipso_req_delattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
14) Incorrect calculation (CVE-ID: CVE-2025-38207)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the init_multi_vma_prep(), vma_complete() and copy_vma() functions in mm/vma.c. A local user can perform a denial of service (DoS) attack.
15) Improper error handling (CVE-ID: CVE-2025-38222)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
16) Improper error handling (CVE-ID: CVE-2025-38246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __bnxt_poll_work() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2025-38265)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jsm_uart_port_init() function in drivers/tty/serial/jsm/jsm_tty.c. A local user can perform a denial of service (DoS) attack.
18) Buffer overflow (CVE-ID: CVE-2025-38332)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lpfc_sli4_get_ctl_attr() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can escalate privileges on the system.
19) Improper locking (CVE-ID: CVE-2025-38338)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_return_empty_folio() function in fs/nfs/read.c. A local user can perform a denial of service (DoS) attack.
20) Memory leak (CVE-ID: CVE-2025-38345)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2025-38362)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_enable_encryption() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
22) NULL pointer dereference (CVE-ID: CVE-2025-38371)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_hub_irq(), v3d_irq_init() and v3d_irq_disable() functions in drivers/gpu/drm/v3d/v3d_irq.c, within the v3d_reset() function in drivers/gpu/drm/v3d/v3d_gem.c. A local user can perform a denial of service (DoS) attack.
23) Out-of-bounds read (CVE-ID: CVE-2025-38380)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amd_i2c_dw_xfer_quirk() function in drivers/i2c/busses/i2c-designware-master.c. A local user can perform a denial of service (DoS) attack.
24) Improper locking (CVE-ID: CVE-2025-38385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2025-38386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
26) NULL pointer dereference (CVE-ID: CVE-2025-38387)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subscribe_event_xa_alloc() function in drivers/infiniband/hw/mlx5/devx.c. A local user can perform a denial of service (DoS) attack.
27) Buffer overflow (CVE-ID: CVE-2025-38396)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the secretmem_file_create() function in mm/secretmem.c, within the anon_inode_make_secure_inode() and __anon_inode_getfile() functions in fs/anon_inodes.c. A local user can perform a denial of service (DoS) attack.
28) Memory leak (CVE-ID: CVE-2025-38400)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
29) Out-of-bounds read (CVE-ID: CVE-2025-38415)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the squashfs_fill_super() function in fs/squashfs/super.c. A local user can perform a denial of service (DoS) attack.
30) Buffer overflow (CVE-ID: CVE-2025-38424)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the do_exit() function in kernel/exit.c, within the perf_sample_ustack_size() and perf_callchain() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
31) Resource management error (CVE-ID: CVE-2025-38427)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_RES_MEM() and screen_info_apply_fixups() functions in drivers/video/screen_info_pci.c. A local user can perform a denial of service (DoS) attack.
32) Input validation error (CVE-ID: CVE-2025-38430)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_spo_must_allow() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
33) Resource management error (CVE-ID: CVE-2025-38439)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
34) Out-of-bounds read (CVE-ID: CVE-2025-38447)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the folio_remove_rmap_pud(), try_to_unmap_one() and hugetlb_remove_rmap() functions in mm/rmap.c. A local user can perform a denial of service (DoS) attack.
35) Buffer overflow (CVE-ID: CVE-2025-38466)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the perf_uprobe_event_init() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
36) Use-after-free (CVE-ID: CVE-2025-38471)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_strp_read_sock() function in net/tls/tls_strp.c. A local user can escalate privileges on the system.
37) Input validation error (CVE-ID: CVE-2025-38474)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sierra_net_bind() function in drivers/net/usb/sierra_net.c. A local user can perform a denial of service (DoS) attack.
38) Improper locking (CVE-ID: CVE-2025-38496)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __evict_many() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
39) Improper privilege management (CVE-ID: CVE-2025-38498)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.
Remediation
Install the update from the vendor's website.