SB2025101788 - openEuler 20.03 LTS SP4 update for kernel
Published: October 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2022-50251)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vub300_probe() function in drivers/mmc/host/vub300.c. A local user can perform a denial of service (DoS) attack.
2) Memory leak (CVE-ID: CVE-2022-50278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnp_alloc_dev() function in drivers/pnp/core.c. A local user can perform a denial of service (DoS) attack.
3) Memory leak (CVE-ID: CVE-2022-50290)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ieee80211_if_add() function in net/mac80211/iface.c. A local user can perform a denial of service (DoS) attack.
4) Memory leak (CVE-ID: CVE-2022-50347)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rtsx_usb_sdmmc_drv_probe() function in drivers/mmc/host/rtsx_usb_sdmmc.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2022-50386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_create_rsp() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
6) Buffer overflow (CVE-ID: CVE-2022-50410)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfsd_proc_read() function in fs/nfsd/nfsproc.c. A local user can escalate privileges on the system.
7) Resource management error (CVE-ID: CVE-2022-50414)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fcoe_init() function in drivers/scsi/fcoe/fcoe.c. A local user can perform a denial of service (DoS) attack.
8) Memory leak (CVE-ID: CVE-2022-50521)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mxm_wmi_call_mxds() and mxm_wmi_call_mxmx() functions in drivers/platform/x86/mxm-wmi.c. A local user can perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2022-50538)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fake_init() function in drivers/vme/bridges/vme_fake.c. A local user can perform a denial of service (DoS) attack.
10) NULL pointer dereference (CVE-ID: CVE-2023-53220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the az6007_i2c_xfer() function in drivers/media/usb/dvb-usb-v2/az6007.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2023-53226)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mwifiex_process_mgmt_packet() function in drivers/net/wireless/marvell/mwifiex/util.c. A local user can perform a denial of service (DoS) attack.
12) Use of uninitialized resource (CVE-ID: CVE-2023-53229)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __sta_info_destroy_part1() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.
13) Memory leak (CVE-ID: CVE-2023-53234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the watchdog_cdev_register() function in drivers/watchdog/watchdog_dev.c. A local user can perform a denial of service (DoS) attack.
14) Input validation error (CVE-ID: CVE-2023-53480)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kset_register() function in lib/kobject.c. A local user can perform a denial of service (DoS) attack.
15) NULL pointer dereference (CVE-ID: CVE-2023-53625)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_gvt_debugfs_add_vgpu() function in drivers/gpu/drm/i915/gvt/debugfs.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2025-38700)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsi_conn_setup() function in drivers/scsi/libiscsi.c. A local user can perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2025-38709)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the loop_set_dio(), loop_set_block_size(), lo_simple_ioctl() and lo_ioctl() functions in drivers/block/loop.c. A local user can escalate privileges on the system.
18) Out-of-bounds read (CVE-ID: CVE-2025-39683)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trace_get_user() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.