Main Vulnerability Database SB2025101114

SB2025101114 - openEuler 20.03 LTS SP4 update for kernel

Published: October 11, 2025

Security Bulletin ID SB2025101114

Severity

Low

Patch available

YES

Number of vulnerabilities 28

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 28 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2022-50249)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the of_get_ddr_timings() function in drivers/memory/of_memory.c. A local user can perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2022-50275)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the radeon_acpi_vfct_bios() function in drivers/gpu/drm/radeon/radeon_bios.c. A local user can perform a denial of service (DoS) attack.

3) Out-of-bounds read (CVE-ID: CVE-2022-50279)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the _rtl8812ae_get_integer_from_string() and _rtl8812ae_phy_set_txpower_limit() functions in drivers/net/wireless/realtek/rtlwifi/rtl8821ae/phy.c. A local user can perform a denial of service (DoS) attack.

4) Resource management error (CVE-ID: CVE-2022-50297)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the send_eject_command() function in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

5) Out-of-bounds read (CVE-ID: CVE-2022-50315)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/ata/ahci.h. A local user can perform a denial of service (DoS) attack.

6) Integer overflow (CVE-ID: CVE-2022-50330)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the cpt_ucode_load_fw() function in drivers/crypto/cavium/cpt/cptpf_main.c. A local user can execute arbitrary code.

7) NULL pointer dereference (CVE-ID: CVE-2022-50350)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iscsi_target_handle_csg_one() and iscsi_target_start_negotiation() functions in drivers/target/iscsi/iscsi_target_nego.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2022-50374)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hci_uart_register_device() and hci_uart_unregister_device() functions in drivers/bluetooth/hci_serdev.c. A local user can perform a denial of service (DoS) attack.

9) Use-after-free (CVE-ID: CVE-2022-50384)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tsi148_dma_list_add() function in drivers/vme/bridges/vme_tsi148.c. A local user can escalate privileges on the system.

10) Use-after-free (CVE-ID: CVE-2022-50408)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcmf_netdev_start_xmit() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c. A local user can escalate privileges on the system.

11) Improper error handling (CVE-ID: CVE-2022-50419)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the hci_conn_add_sysfs() function in net/bluetooth/hci_sysfs.c. A local user can perform a denial of service (DoS) attack.

12) NULL pointer dereference (CVE-ID: CVE-2023-53150)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla24xx_bsg_request() function in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.

13) Use of uninitialized resource (CVE-ID: CVE-2023-53165)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the udf_name_from_CS0() function in fs/udf/unicode.c. A local user can perform a denial of service (DoS) attack.

14) Resource management error (CVE-ID: CVE-2023-53215)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the load_balance() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

15) Memory leak (CVE-ID: CVE-2023-53241)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nfsd4_encode_operation() function in fs/nfsd/nfs4xdr.c. A local user can perform a denial of service (DoS) attack.

16) Improper error handling (CVE-ID: CVE-2023-53259)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vmci_host_setup_notify() function in drivers/misc/vmw_vmci/vmci_host.c. A local user can perform a denial of service (DoS) attack.

17) Input validation error (CVE-ID: CVE-2023-53295)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the udf_file_write_iter() function in fs/udf/file.c. A local user can perform a denial of service (DoS) attack.

18) Use-after-free (CVE-ID: CVE-2023-53307)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rbd_dev_release(), __rbd_dev_create(), rbd_dev_create() and rbd_dev_probe_parent() functions in drivers/block/rbd.c. A local user can escalate privileges on the system.

19) Memory leak (CVE-ID: CVE-2023-53318)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the uwrite() function in scripts/recordmcount.c. A local user can perform a denial of service (DoS) attack.

20) Improper error handling (CVE-ID: CVE-2023-53339)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the btrfs_cancel_balance() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.

21) Buffer overflow (CVE-ID: CVE-2023-53400)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the path_has_mixer() and get_line_out_pfx() functions in sound/pci/hda/hda_generic.c. A local user can perform a denial of service (DoS) attack.

22) Use-after-free (CVE-ID: CVE-2023-53432)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fwnet_finish_incoming_packet() function in drivers/firewire/net.c. A local user can escalate privileges on the system.

23) Input validation error (CVE-ID: CVE-2023-53437)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uvc_mc_create_links() function in drivers/media/usb/uvc/uvc_entity.c. A local user can perform a denial of service (DoS) attack.

24) Improper error handling (CVE-ID: CVE-2023-53438)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch/x86/kernel/cpu/mce/internal.h. A local user can perform a denial of service (DoS) attack.

25) Use-after-free (CVE-ID: CVE-2025-38724)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_setclientid_confirm() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.

26) NULL pointer dereference (CVE-ID: CVE-2025-39865)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/tee/tee_shm.c. A local user can perform a denial of service (DoS) attack.

27) Use-after-free (CVE-ID: CVE-2025-39866)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.

28) Improper error handling (CVE-ID: CVE-2025-39883)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2406

Vulnerable Software

openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2510.1.0.0346
python3-perf: before 4.19.90-2510.1.0.0346
python2-perf-debuginfo: before 4.19.90-2510.1.0.0346
python2-perf: before 4.19.90-2510.1.0.0346
perf-debuginfo: before 4.19.90-2510.1.0.0346
perf: before 4.19.90-2510.1.0.0346
kernel-tools-devel: before 4.19.90-2510.1.0.0346
kernel-tools-debuginfo: before 4.19.90-2510.1.0.0346
kernel-tools: before 4.19.90-2510.1.0.0346
kernel-source: before 4.19.90-2510.1.0.0346
kernel-devel: before 4.19.90-2510.1.0.0346
kernel-debugsource: before 4.19.90-2510.1.0.0346
kernel-debuginfo: before 4.19.90-2510.1.0.0346
bpftool-debuginfo: before 4.19.90-2510.1.0.0346
bpftool: before 4.19.90-2510.1.0.0346
kernel: before 4.19.90-2510.1.0.0346

SB2025101114 - openEuler 20.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human