SB2025081167 - openEuler 22.03 LTS SP4 update for kernel

Description

This security bulletin contains information about 22 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2022-49183)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tcf_ct_skb_nfct_cached() function in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.

2) Improper locking (CVE-ID: CVE-2022-49420)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the compute_score() and __udp_v6_is_mcast_sock() functions in net/ipv6/udp.c, within the WRITE_ONCE() and ip6_datagram_send_ctl() functions in net/ipv6/datagram.c. A local user can perform a denial of service (DoS) attack.

3) Out-of-bounds read (CVE-ID: CVE-2023-4458)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing extended attributes within the smb2_open() function in ksmbd. A remote non-authenticated attacker can send specially crafted requests to the daemon, trigger an out-of-bounds read error and read contents of memory on the system.

4) Use-after-free (CVE-ID: CVE-2024-57798)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_dp_mst_up_req_work() and drm_dp_mst_handle_up_req() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can escalate privileges on the system.

5) Out-of-bounds read (CVE-ID: CVE-2025-21692)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ets_class_from_arg() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.

6) Use-after-free (CVE-ID: CVE-2025-21700)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_lookup() function in net/sched/sch_api.c. A local user can escalate privileges on the system.

7) Resource management error (CVE-ID: CVE-2025-21702)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pfifo_tail_enqueue() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.

8) Use of uninitialized resource (CVE-ID: CVE-2025-21891)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ipvlan_addr_lookup() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2025-38063)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

10) Input validation error (CVE-ID: CVE-2025-38125)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the est_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_est.c. A local user can perform a denial of service (DoS) attack.

11) Improper error handling (CVE-ID: CVE-2025-38181)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the calipso_req_setattr() and calipso_req_delattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.

12) Improper error handling (CVE-ID: CVE-2025-38222)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.

13) Buffer overflow (CVE-ID: CVE-2025-38332)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the lpfc_sli4_get_ctl_attr() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can escalate privileges on the system.

14) NULL pointer dereference (CVE-ID: CVE-2025-38362)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_enable_encryption() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.

15) NULL pointer dereference (CVE-ID: CVE-2025-38371)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the v3d_hub_irq(), v3d_irq_init() and v3d_irq_disable() functions in drivers/gpu/drm/v3d/v3d_irq.c, within the v3d_reset() function in drivers/gpu/drm/v3d/v3d_gem.c. A local user can perform a denial of service (DoS) attack.

16) Use-after-free (CVE-ID: CVE-2025-38386)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.

17) NULL pointer dereference (CVE-ID: CVE-2025-38387)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the subscribe_event_xa_alloc() function in drivers/infiniband/hw/mlx5/devx.c. A local user can perform a denial of service (DoS) attack.

18) Memory leak (CVE-ID: CVE-2025-38400)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

19) Buffer overflow (CVE-ID: CVE-2025-38424)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the do_exit() function in kernel/exit.c, within the perf_sample_ustack_size() and perf_callchain() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

20) Resource management error (CVE-ID: CVE-2025-38439)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.

21) Input validation error (CVE-ID: CVE-2025-38474)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sierra_net_bind() function in drivers/net/usb/sierra_net.c. A local user can perform a denial of service (DoS) attack.

22) Improper privilege management (CVE-ID: CVE-2025-38498)

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1964