SB2025092641 - openEuler 20.03 LTS SP4 update for kernel

Main Vulnerability Database SB2025092641

SB2025092641 - openEuler 20.03 LTS SP4 update for kernel

Published: September 26, 2025

Security Bulletin ID SB2025092641

Severity

Low

Patch available

YES

Number of vulnerabilities 6

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2022-50312)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the jsm_probe_one() function in drivers/tty/serial/jsm/jsm_driver.c. A local user can perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2022-50343)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the rio_setup_device() function in drivers/rapidio/rio-scan.c. A local user can perform a denial of service (DoS) attack.

3) Memory leak (CVE-ID: CVE-2022-50389)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the crb_acpi_add() function in drivers/char/tpm/tpm_crb.c. A local user can perform a denial of service (DoS) attack.

4) Improper locking (CVE-ID: CVE-2023-53149)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the free_ext_block(), ext4_ext_migrate() and ext4_ind_migrate() functions in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2023-53332)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and ipi_send_verify() functions in kernel/irq/ipi.c. A local user can perform a denial of service (DoS) attack.

6) Improper locking (CVE-ID: CVE-2025-39773)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the net/bridge/br_private.h. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2348

Vulnerable Software

openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2509.6.0.0345
python3-perf: before 4.19.90-2509.6.0.0345
python2-perf-debuginfo: before 4.19.90-2509.6.0.0345
python2-perf: before 4.19.90-2509.6.0.0345
perf-debuginfo: before 4.19.90-2509.6.0.0345
perf: before 4.19.90-2509.6.0.0345
kernel-tools-devel: before 4.19.90-2509.6.0.0345
kernel-tools-debuginfo: before 4.19.90-2509.6.0.0345
kernel-tools: before 4.19.90-2509.6.0.0345
kernel-source: before 4.19.90-2509.6.0.0345
kernel-devel: before 4.19.90-2509.6.0.0345
kernel-debugsource: before 4.19.90-2509.6.0.0345
kernel-debuginfo: before 4.19.90-2509.6.0.0345
bpftool-debuginfo: before 4.19.90-2509.6.0.0345
bpftool: before 4.19.90-2509.6.0.0345
kernel: before 4.19.90-2509.6.0.0345