SB2025092639 - openEuler 22.03 LTS SP4 update for kernel

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2022-50255)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the trace_string() and trace_event_raw_event_synth() functions in kernel/trace/trace_events_synth.c. A local user can perform a denial of service (DoS) attack.

2) Resource management error (CVE-ID: CVE-2022-50313)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the erofs_fill_symlink() function in fs/erofs/inode.c. A local user can perform a denial of service (DoS) attack.

3) Improper locking (CVE-ID: CVE-2023-53149)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the free_ext_block(), ext4_ext_migrate() and ext4_ind_migrate() functions in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

4) Memory leak (CVE-ID: CVE-2023-53221)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bpf_trampoline_get_progs() and bpf_trampoline_update() functions in kernel/bpf/trampoline.c. A local user can perform a denial of service (DoS) attack.

5) Out-of-bounds read (CVE-ID: CVE-2023-53357)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2025-38695)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_sli4_vport_delete_fcp_xri_aborted() function in drivers/scsi/lpfc/lpfc_scsi.c. A local user can perform a denial of service (DoS) attack.

7) Improper locking (CVE-ID: CVE-2025-39773)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the net/bridge/br_private.h. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2025-39813)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ftrace_dump() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

9) Resource management error (CVE-ID: CVE-2025-39829)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the register_ftrace_graph() function in kernel/trace/fgraph.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2350