Anolis OS update for kernel:4.18



Risk Low
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2021-47670
CVE-2024-56644
CVE-2025-21727
CVE-2025-21759
CVE-2025-38085
CVE-2025-38159
CWE-ID CWE-416
CWE-401
CWE-119
CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Anolis OS
Operating systems & Components / Operating system

kernel-doc
Operating systems & Components / Operating system package or component

kernel-abi-stablelists
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-libs-devel
Operating systems & Components / Operating system package or component

kernel-tools-libs
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-modules-extra
Operating systems & Components / Operating system package or component

kernel-modules
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debug-modules-extra
Operating systems & Components / Operating system package or component

kernel-debug-modules
Operating systems & Components / Operating system package or component

kernel-debug-devel
Operating systems & Components / Operating system package or component

kernel-debug-core
Operating systems & Components / Operating system package or component

kernel-debug
Operating systems & Components / Operating system package or component

kernel-cross-headers
Operating systems & Components / Operating system package or component

kernel-core
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

Vendor OpenAnolis

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU107661

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47670

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pcan_usb_fd_decode_canmsg() and pcan_usb_fd_decode_status() functions in drivers/net/can/usb/peak_usb/pcan_usb_fd.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.69.1.0.1

kernel-abi-stablelists: before 4.18.0-553.69.1.0.1

python3-perf: before 4.18.0-553.69.1.0.1

perf: before 4.18.0-553.69.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.69.1.0.1

kernel-tools-libs: before 4.18.0-553.69.1.0.1

kernel-tools: before 4.18.0-553.69.1.0.1

kernel-modules-extra: before 4.18.0-553.69.1.0.1

kernel-modules: before 4.18.0-553.69.1.0.1

kernel-headers: before 4.18.0-553.69.1.0.1

kernel-devel: before 4.18.0-553.69.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.69.1.0.1

kernel-debug-modules: before 4.18.0-553.69.1.0.1

kernel-debug-devel: before 4.18.0-553.69.1.0.1

kernel-debug-core: before 4.18.0-553.69.1.0.1

kernel-debug: before 4.18.0-553.69.1.0.1

kernel-cross-headers: before 4.18.0-553.69.1.0.1

kernel-core: before 4.18.0-553.69.1.0.1

kernel: before 4.18.0-553.69.1.0.1

bpftool: before 4.18.0-553.69.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0534


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU101992

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56644

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ip6_negative_advice() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.69.1.0.1

kernel-abi-stablelists: before 4.18.0-553.69.1.0.1

python3-perf: before 4.18.0-553.69.1.0.1

perf: before 4.18.0-553.69.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.69.1.0.1

kernel-tools-libs: before 4.18.0-553.69.1.0.1

kernel-tools: before 4.18.0-553.69.1.0.1

kernel-modules-extra: before 4.18.0-553.69.1.0.1

kernel-modules: before 4.18.0-553.69.1.0.1

kernel-headers: before 4.18.0-553.69.1.0.1

kernel-devel: before 4.18.0-553.69.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.69.1.0.1

kernel-debug-modules: before 4.18.0-553.69.1.0.1

kernel-debug-devel: before 4.18.0-553.69.1.0.1

kernel-debug-core: before 4.18.0-553.69.1.0.1

kernel-debug: before 4.18.0-553.69.1.0.1

kernel-cross-headers: before 4.18.0-553.69.1.0.1

kernel-core: before 4.18.0-553.69.1.0.1

kernel: before 4.18.0-553.69.1.0.1

bpftool: before 4.18.0-553.69.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0534


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU104960

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21727

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the padata_free_shell() function in kernel/padata.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.69.1.0.1

kernel-abi-stablelists: before 4.18.0-553.69.1.0.1

python3-perf: before 4.18.0-553.69.1.0.1

perf: before 4.18.0-553.69.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.69.1.0.1

kernel-tools-libs: before 4.18.0-553.69.1.0.1

kernel-tools: before 4.18.0-553.69.1.0.1

kernel-modules-extra: before 4.18.0-553.69.1.0.1

kernel-modules: before 4.18.0-553.69.1.0.1

kernel-headers: before 4.18.0-553.69.1.0.1

kernel-devel: before 4.18.0-553.69.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.69.1.0.1

kernel-debug-modules: before 4.18.0-553.69.1.0.1

kernel-debug-devel: before 4.18.0-553.69.1.0.1

kernel-debug-core: before 4.18.0-553.69.1.0.1

kernel-debug: before 4.18.0-553.69.1.0.1

kernel-cross-headers: before 4.18.0-553.69.1.0.1

kernel-core: before 4.18.0-553.69.1.0.1

kernel: before 4.18.0-553.69.1.0.1

bpftool: before 4.18.0-553.69.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0534


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU104946

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21759

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mld_send_cr() and igmp6_send() functions in net/ipv6/mcast.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.69.1.0.1

kernel-abi-stablelists: before 4.18.0-553.69.1.0.1

python3-perf: before 4.18.0-553.69.1.0.1

perf: before 4.18.0-553.69.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.69.1.0.1

kernel-tools-libs: before 4.18.0-553.69.1.0.1

kernel-tools: before 4.18.0-553.69.1.0.1

kernel-modules-extra: before 4.18.0-553.69.1.0.1

kernel-modules: before 4.18.0-553.69.1.0.1

kernel-headers: before 4.18.0-553.69.1.0.1

kernel-devel: before 4.18.0-553.69.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.69.1.0.1

kernel-debug-modules: before 4.18.0-553.69.1.0.1

kernel-debug-devel: before 4.18.0-553.69.1.0.1

kernel-debug-core: before 4.18.0-553.69.1.0.1

kernel-debug: before 4.18.0-553.69.1.0.1

kernel-cross-headers: before 4.18.0-553.69.1.0.1

kernel-core: before 4.18.0-553.69.1.0.1

kernel: before 4.18.0-553.69.1.0.1

bpftool: before 4.18.0-553.69.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0534


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU112121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38085

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the huge_pmd_unshare() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.69.1.0.1

kernel-abi-stablelists: before 4.18.0-553.69.1.0.1

python3-perf: before 4.18.0-553.69.1.0.1

perf: before 4.18.0-553.69.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.69.1.0.1

kernel-tools-libs: before 4.18.0-553.69.1.0.1

kernel-tools: before 4.18.0-553.69.1.0.1

kernel-modules-extra: before 4.18.0-553.69.1.0.1

kernel-modules: before 4.18.0-553.69.1.0.1

kernel-headers: before 4.18.0-553.69.1.0.1

kernel-devel: before 4.18.0-553.69.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.69.1.0.1

kernel-debug-modules: before 4.18.0-553.69.1.0.1

kernel-debug-devel: before 4.18.0-553.69.1.0.1

kernel-debug-core: before 4.18.0-553.69.1.0.1

kernel-debug: before 4.18.0-553.69.1.0.1

kernel-cross-headers: before 4.18.0-553.69.1.0.1

kernel-core: before 4.18.0-553.69.1.0.1

kernel: before 4.18.0-553.69.1.0.1

bpftool: before 4.18.0-553.69.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0534


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU112199

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38159

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rtw_coex_tdma_timer_base() function in drivers/net/wireless/realtek/rtw88/coex.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

kernel-doc: before 4.18.0-553.69.1.0.1

kernel-abi-stablelists: before 4.18.0-553.69.1.0.1

python3-perf: before 4.18.0-553.69.1.0.1

perf: before 4.18.0-553.69.1.0.1

kernel-tools-libs-devel: before 4.18.0-553.69.1.0.1

kernel-tools-libs: before 4.18.0-553.69.1.0.1

kernel-tools: before 4.18.0-553.69.1.0.1

kernel-modules-extra: before 4.18.0-553.69.1.0.1

kernel-modules: before 4.18.0-553.69.1.0.1

kernel-headers: before 4.18.0-553.69.1.0.1

kernel-devel: before 4.18.0-553.69.1.0.1

kernel-debug-modules-extra: before 4.18.0-553.69.1.0.1

kernel-debug-modules: before 4.18.0-553.69.1.0.1

kernel-debug-devel: before 4.18.0-553.69.1.0.1

kernel-debug-core: before 4.18.0-553.69.1.0.1

kernel-debug: before 4.18.0-553.69.1.0.1

kernel-cross-headers: before 4.18.0-553.69.1.0.1

kernel-core: before 4.18.0-553.69.1.0.1

kernel: before 4.18.0-553.69.1.0.1

bpftool: before 4.18.0-553.69.1.0.1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0534


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###