SB2025092640 - openEuler 22.03 LTS SP3 update for kernel
Published: September 26, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2022-50255)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the trace_string() and trace_event_raw_event_synth() functions in kernel/trace/trace_events_synth.c. A local user can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2022-50266)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kill_kprobe() function in kernel/kprobes.c. A local user can perform a denial of service (DoS) attack.
3) Resource management error (CVE-ID: CVE-2022-50313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the erofs_fill_symlink() function in fs/erofs/inode.c. A local user can perform a denial of service (DoS) attack.
4) Improper locking (CVE-ID: CVE-2023-53149)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the free_ext_block(), ext4_ext_migrate() and ext4_ind_migrate() functions in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.
5) Memory leak (CVE-ID: CVE-2023-53151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the flush_pending_writes() and raid10_unplug() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
6) Memory leak (CVE-ID: CVE-2023-53174)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the raid_component_add() function in drivers/scsi/raid_class.c. A local user can perform a denial of service (DoS) attack.
7) Memory leak (CVE-ID: CVE-2023-53221)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bpf_trampoline_get_progs() and bpf_trampoline_update() functions in kernel/bpf/trampoline.c. A local user can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2023-53332)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and ipi_send_verify() functions in kernel/irq/ipi.c. A local user can perform a denial of service (DoS) attack.
9) Out-of-bounds read (CVE-ID: CVE-2023-53357)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
10) Use-after-free (CVE-ID: CVE-2023-53386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_uuids_clear() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
11) Out-of-bounds read (CVE-ID: CVE-2023-53420)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ntfs_list_ea() function in fs/ntfs3/xattr.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2025-38695)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli4_vport_delete_fcp_xri_aborted() function in drivers/scsi/lpfc/lpfc_scsi.c. A local user can perform a denial of service (DoS) attack.
13) Improper locking (CVE-ID: CVE-2025-39773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/bridge/br_private.h. A local user can perform a denial of service (DoS) attack.
14) Resource management error (CVE-ID: CVE-2025-39813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ftrace_dump() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
15) Resource management error (CVE-ID: CVE-2025-39829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the register_ftrace_graph() function in kernel/trace/fgraph.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.