SB2025101112 - openEuler 22.03 LTS SP4 update for kernel
Published: October 11, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2022-49234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dsa_switch_bridge_leave() function in net/dsa/switch.c. A local user can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2022-50350)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsi_target_handle_csg_one() and iscsi_target_start_negotiation() functions in drivers/target/iscsi/iscsi_target_nego.c. A local user can perform a denial of service (DoS) attack.
3) Memory leak (CVE-ID: CVE-2022-50404)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fbcon_do_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
4) Memory leak (CVE-ID: CVE-2023-53241)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfsd4_encode_operation() function in fs/nfsd/nfs4xdr.c. A local user can perform a denial of service (DoS) attack.
5) Improper error handling (CVE-ID: CVE-2023-53259)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vmci_host_setup_notify() function in drivers/misc/vmw_vmci/vmci_host.c. A local user can perform a denial of service (DoS) attack.
6) Improper error handling (CVE-ID: CVE-2023-53438)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/x86/kernel/cpu/mce/internal.h. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2025-21801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ravb_suspend() and ravb_resume() functions in drivers/net/ethernet/renesas/ravb_main.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2025-22073)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spufs_fill_dir() function in arch/powerpc/platforms/cell/spufs/inode.c. A local user can perform a denial of service (DoS) attack.
9) Use of uninitialized resource (CVE-ID: CVE-2025-38086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ch9200_mdio_read() function in drivers/net/usb/ch9200.c. A local user can perform a denial of service (DoS) attack.
10) Double free (CVE-ID: CVE-2025-38313)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fsl_mc_device_add() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2025-38615)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_rename() function in fs/ntfs3/namei.c, within the ni_add_name() and ni_rename() functions in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2025-39752)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rockchip_smp_prepare_cpus() function in arch/arm/mach-rockchip/platsmp.c. A local user can perform a denial of service (DoS) attack.
13) NULL pointer dereference (CVE-ID: CVE-2025-39865)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2025-39866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.
15) Improper error handling (CVE-ID: CVE-2025-39883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.