Anolis OS update for kernel:6.6
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 504 |
| CVE-ID | CVE-2024-43840 CVE-2024-46751 CVE-2024-56758 CVE-2024-58098 CVE-2024-58100 CVE-2024-58237 CVE-2025-21816 CVE-2025-21839 CVE-2025-21927 CVE-2025-21931 CVE-2025-22028 CVE-2025-22062 CVE-2025-22102 CVE-2025-22119 CVE-2025-22120 CVE-2025-37777 CVE-2025-37797 CVE-2025-37799 CVE-2025-37800 CVE-2025-37801 CVE-2025-37803 CVE-2025-37805 CVE-2025-37808 CVE-2025-37810 CVE-2025-37811 CVE-2025-37812 CVE-2025-37813 CVE-2025-37815 CVE-2025-37817 CVE-2025-37818 CVE-2025-37819 CVE-2025-37820 CVE-2025-37823 CVE-2025-37824 CVE-2025-37828 CVE-2025-37829 CVE-2025-37830 CVE-2025-37831 CVE-2025-37836 CVE-2025-37878 CVE-2025-37879 CVE-2025-37881 CVE-2025-37883 CVE-2025-37884 CVE-2025-37885 CVE-2025-37886 CVE-2025-37887 CVE-2025-37890 CVE-2025-37891 CVE-2025-37897 CVE-2025-37901 CVE-2025-37903 CVE-2025-37905 CVE-2025-37909 CVE-2025-37911 CVE-2025-37912 CVE-2025-37913 CVE-2025-37914 CVE-2025-37915 CVE-2025-37916 CVE-2025-37917 CVE-2025-37918 CVE-2025-37921 CVE-2025-37922 CVE-2025-37923 CVE-2025-37924 CVE-2025-37925 CVE-2025-37927 CVE-2025-37928 CVE-2025-37929 CVE-2025-37930 CVE-2025-37932 CVE-2025-37933 CVE-2025-37935 CVE-2025-37936 CVE-2025-37938 CVE-2025-37947 CVE-2025-37948 CVE-2025-37949 CVE-2025-37951 CVE-2025-37952 CVE-2025-37954 CVE-2025-37956 CVE-2025-37957 CVE-2025-37958 CVE-2025-37959 CVE-2025-37960 CVE-2025-37961 CVE-2025-37962 CVE-2025-37963 CVE-2025-37964 CVE-2025-37967 CVE-2025-37969 CVE-2025-37970 CVE-2025-37972 CVE-2025-37973 CVE-2025-37983 CVE-2025-37984 CVE-2025-37985 CVE-2025-37987 CVE-2025-37988 CVE-2025-37989 CVE-2025-37990 CVE-2025-37991 CVE-2025-37992 CVE-2025-37994 CVE-2025-37995 CVE-2025-37997 CVE-2025-37998 CVE-2025-38000 CVE-2025-38001 CVE-2025-38003 CVE-2025-38004 CVE-2025-38005 CVE-2025-38006 CVE-2025-38007 CVE-2025-38008 CVE-2025-38009 CVE-2025-38010 CVE-2025-38013 CVE-2025-38014 CVE-2025-38015 CVE-2025-38018 CVE-2025-38019 CVE-2025-38020 CVE-2025-38023 CVE-2025-38024 CVE-2025-38027 CVE-2025-38031 CVE-2025-38034 CVE-2025-38035 CVE-2025-38037 CVE-2025-38039 CVE-2025-38040 CVE-2025-38043 CVE-2025-38044 CVE-2025-38045 CVE-2025-38048 CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38059 CVE-2025-38061 CVE-2025-38062 CVE-2025-38063 CVE-2025-38065 CVE-2025-38066 CVE-2025-38067 CVE-2025-38068 CVE-2025-38071 CVE-2025-38072 CVE-2025-38074 CVE-2025-38075 CVE-2025-38077 CVE-2025-38078 CVE-2025-38079 CVE-2025-38080 CVE-2025-38081 CVE-2025-38083 CVE-2025-38084 CVE-2025-38085 CVE-2025-38086 CVE-2025-38087 CVE-2025-38088 CVE-2025-38089 CVE-2025-38090 CVE-2025-38092 CVE-2025-38094 CVE-2025-38095 CVE-2025-38097 CVE-2025-38100 CVE-2025-38102 CVE-2025-38103 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109 CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38115 CVE-2025-38117 CVE-2025-38118 CVE-2025-38119 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123 CVE-2025-38124 CVE-2025-38126 CVE-2025-38127 CVE-2025-38131 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38142 CVE-2025-38143 CVE-2025-38145 CVE-2025-38146 CVE-2025-38147 CVE-2025-38148 CVE-2025-38149 CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38157 CVE-2025-38158 CVE-2025-38159 CVE-2025-38160 CVE-2025-38161 CVE-2025-38163 CVE-2025-38165 CVE-2025-38166 CVE-2025-38167 CVE-2025-38170 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38180 CVE-2025-38181 CVE-2025-38182 CVE-2025-38183 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38191 CVE-2025-38192 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38198 CVE-2025-38200 CVE-2025-38202 CVE-2025-38208 CVE-2025-38211 CVE-2025-38212 CVE-2025-38214 CVE-2025-38215 CVE-2025-38217 CVE-2025-38218 CVE-2025-38219 CVE-2025-38220 CVE-2025-38222 CVE-2025-38225 CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38230 CVE-2025-38231 CVE-2025-38236 CVE-2025-38239 CVE-2025-38244 CVE-2025-38245 CVE-2025-38246 CVE-2025-38249 CVE-2025-38250 CVE-2025-38251 CVE-2025-38255 CVE-2025-38257 CVE-2025-38258 CVE-2025-38259 CVE-2025-38260 CVE-2025-38262 CVE-2025-38263 CVE-2025-38264 CVE-2025-38265 CVE-2025-38274 CVE-2025-38275 CVE-2025-38277 CVE-2025-38278 CVE-2025-38280 CVE-2025-38282 CVE-2025-38283 CVE-2025-38285 CVE-2025-38286 CVE-2025-38290 CVE-2025-38293 CVE-2025-38295 CVE-2025-38298 CVE-2025-38300 CVE-2025-38304 CVE-2025-38305 CVE-2025-38307 CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38320 CVE-2025-38321 CVE-2025-38322 CVE-2025-38323 CVE-2025-38324 CVE-2025-38326 CVE-2025-38328 CVE-2025-38331 CVE-2025-38332 CVE-2025-38334 CVE-2025-38335 CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38342 CVE-2025-38343 CVE-2020-26145 CVE-2025-38344 CVE-2025-38345 CVE-2025-38346 CVE-2025-38347 CVE-2025-38348 CVE-2025-38349 CVE-2025-38352 CVE-2025-38354 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364 CVE-2025-38365 CVE-2025-38368 CVE-2025-38369 CVE-2025-38371 CVE-2025-38375 CVE-2025-38376 CVE-2025-38377 CVE-2025-38382 CVE-2025-38384 CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38399 CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38406 CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38415 CVE-2025-38416 CVE-2025-38418 CVE-2025-38419 CVE-2025-38420 CVE-2025-38422 CVE-2025-38424 CVE-2025-38425 CVE-2025-38427 CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38437 CVE-2025-38439 CVE-2025-38441 CVE-2025-38443 CVE-2025-38444 CVE-2025-38445 CVE-2025-38448 CVE-2025-38449 CVE-2025-38451 CVE-2025-38455 CVE-2025-38456 CVE-2025-38457 CVE-2025-38458 CVE-2025-38459 CVE-2025-38460 CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38464 CVE-2025-38465 CVE-2025-38466 CVE-2025-38467 CVE-2025-38468 CVE-2025-38469 CVE-2025-38470 CVE-2025-38471 CVE-2025-38472 CVE-2025-38473 CVE-2025-38474 CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481 CVE-2025-38482 CVE-2025-38483 CVE-2025-38485 CVE-2025-38487 CVE-2025-38488 CVE-2024-50047 CVE-2025-38489 CVE-2025-38490 CVE-2025-38491 CVE-2025-38493 CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38498 CVE-2025-38499 CVE-2025-38500 CVE-2025-38501 CVE-2025-38503 CVE-2025-38510 CVE-2025-38512 CVE-2025-27558 CVE-2020-24588 CVE-2025-38513 CVE-2025-38514 CVE-2025-38515 CVE-2025-38516 CVE-2025-38520 CVE-2025-38524 CVE-2025-38526 CVE-2025-38527 CVE-2025-38528 CVE-2025-38529 CVE-2025-38530 CVE-2025-38532 CVE-2025-38533 CVE-2025-38535 CVE-2025-38537 CVE-2025-38538 CVE-2025-38539 CVE-2025-38540 CVE-2025-38542 CVE-2025-38543 CVE-2025-38544 CVE-2025-38546 CVE-2025-38548 CVE-2025-38550 CVE-2025-38552 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560 CVE-2025-38561 CVE-2025-38562 CVE-2025-38563 CVE-2025-38565 CVE-2025-38566 CVE-2025-38568 CVE-2025-38569 CVE-2025-38571 CVE-2025-38572 CVE-2025-38574 CVE-2025-38576 CVE-2025-38577 CVE-2025-38578 CVE-2025-38579 CVE-2025-38581 CVE-2025-38583 CVE-2025-38587 CVE-2025-38588 CVE-2025-38590 CVE-2025-38601 CVE-2025-38602 CVE-2025-38604 CVE-2025-38608 CVE-2025-38609 CVE-2025-38610 CVE-2025-38612 CVE-2025-38615 CVE-2025-38617 CVE-2025-38618 CVE-2025-38622 CVE-2025-38623 CVE-2025-38624 CVE-2025-38625 CVE-2025-38626 CVE-2025-38630 CVE-2025-38632 CVE-2025-38634 CVE-2025-38635 CVE-2025-38639 CVE-2025-38640 CVE-2025-38644 CVE-2025-38645 CVE-2025-38646 CVE-2025-38648 CVE-2025-38650 CVE-2025-38652 CVE-2025-38653 CVE-2025-38659 CVE-2025-38663 CVE-2025-38664 CVE-2025-38665 CVE-2025-38666 CVE-2025-38668 CVE-2025-38670 CVE-2025-38671 CVE-2025-39702 CVE-2025-39711 CVE-2025-39726 CVE-2025-39730 CVE-2025-39731 CVE-2025-39734 CVE-2025-39746 CVE-2025-39790 CVE-2025-39833 CVE-2025-39866 CVE-2025-39989 |
| CWE-ID | CWE-399 CWE-682 CWE-476 CWE-835 CWE-119 CWE-667 CWE-416 CWE-20 CWE-401 CWE-125 CWE-415 CWE-388 CWE-908 CWE-190 CWE-362 CWE-404 CWE-366 CWE-369 CWE-191 CWE-787 CWE-665 CWE-269 CWE-617 CWE-345 CWE-451 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #77 is available. Public exploit code for vulnerability #111 is available. Public exploit code for vulnerability #165 is available. Vulnerability #311 is being exploited in the wild. Public exploit code for vulnerability #405 is available. |
| Vulnerable software |
Anolis OS Operating systems & Components / Operating system kernel-64k-devel Operating systems & Components / Operating system package or component kernel-64k-debug-devel Operating systems & Components / Operating system package or component kernel-64k-debug Operating systems & Components / Operating system package or component kernel-64k Operating systems & Components / Operating system package or component python3-perf Operating systems & Components / Operating system package or component perf Operating systems & Components / Operating system package or component kernel-tools-libs-devel Operating systems & Components / Operating system package or component kernel-tools-libs Operating systems & Components / Operating system package or component kernel-tools Operating systems & Components / Operating system package or component kernel-headers Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-debug-devel Operating systems & Components / Operating system package or component kernel-debug Operating systems & Components / Operating system package or component kernel Operating systems & Components / Operating system package or component bpftool Operating systems & Components / Operating system package or component |
| Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains information about 504 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU96178
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-43840
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the prepare_trampoline() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Incorrect calculation
EUVDB-ID: #VU97561
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46751
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the btrfs_item_ptr() and spin_lock() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU102398
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56758
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the relocate_one_folio() function in fs/btrfs/relocation.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU108686
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58098
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_func_call(), mark_subprog_changes_pkt_data(), visit_func_call_insn() and visit_insn() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU108687
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58100
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvfree(), jit_subprogs(), bpf_check_attach_target() and bpf_check() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU108688
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-58237
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the subprog_tc() function in tools/testing/selftests/bpf/progs/tc_bpf2bpf.c, within the bpf_helper_changes_pkt_data() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU105157
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21816
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the HRTIMER_ACTIVE_SOFT(), DEFINE_PER_CPU(), hrtimer_base_is_online(), lock_hrtimer_base(), raw_spin_unlock(), WRITE_ONCE(), hrtimer_is_hres_enabled() and __hrtimer_start_range_ns() functions in kernel/time/hrtimer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Infinite loop
EUVDB-ID: #VU105468
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21839
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the vcpu_enter_guest() function in arch/x86/kvm/x86.c, within the vmx_sync_dirty_debug_regs() and vmx_vcpu_run() functions in arch/x86/kvm/vmx/vmx.c, within the new_asid() and svm_vcpu_run() functions in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU106844
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21927
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nvme_tcp_queue_id() and nvme_tcp_recv_pdu() functions in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU106783
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21931
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_migrate_range() function in mm/memory_hotplug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU107785
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22028
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vimc_streamer_pipeline_terminate() function in drivers/media/test-drivers/vimc/vimc-streamer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU107727
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22062
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the proc_sctp_do_auth() and proc_sctp_do_udp_port() functions in net/sctp/sysctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU107744
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22102
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nxp_download_firmware() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper locking
EUVDB-ID: #VU107742
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22119
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the INIT_WORK() function in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU107796
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22120
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_setattr() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU108236
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37777
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_transport() function in fs/smb/server/transport_tcp.c, within the ksmbd_conn_free() function in fs/smb/server/connection.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU108391
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37797
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Memory leak
EUVDB-ID: #VU108401
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37799
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU108796
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37800
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_uevent_name() and dev_uevent() functions in drivers/base/core.c, within the bus_rescan_devices_helper() function in drivers/base/bus.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU108797
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37801
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the spi_imx_transfer_one() function in drivers/spi/spi-imx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU108822
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37803
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udmabuf_create() function in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU108809
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37805
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtsnd_pcm_parse_cfg() function in sound/virtio/virtio_pcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource management error
EUVDB-ID: #VU108820
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37808
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_MUTEX(), MODULE_ALIAS_CRYPTO() and EXPORT_SYMBOL_GPL() functions in crypto/crypto_null.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU108791
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37810
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dwc3_check_event_buf() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU108800
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37811
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpu_latency_qos_remove_request() and ci_hdrc_imx_remove() functions in drivers/usb/chipidea/ci_hdrc_imx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper locking
EUVDB-ID: #VU108810
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37812
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cdns3_device_thread_irq_handler() function in drivers/usb/cdns3/cdns3-gadget.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Input validation error
EUVDB-ID: #VU108813
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37813
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xhci_queue_ctrl_tx() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper locking
EUVDB-ID: #VU108811
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37815
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci1xxxx_gpio_irq_handler() function in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Double free
EUVDB-ID: #VU108815
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37817
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the chameleon_parse_gdd() function in drivers/mcb/mcb-parse.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU108814
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37818
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the huge_pte_offset() function in arch/loongarch/mm/hugetlbpage.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Double free
EUVDB-ID: #VU108816
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37819
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gicv2m_of_init() function in drivers/irqchip/irq-gic-v2m.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Memory leak
EUVDB-ID: #VU108789
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37820
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xennet_run_xdp() function in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Input validation error
EUVDB-ID: #VU108825
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37823
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) NULL pointer dereference
EUVDB-ID: #VU108803
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37824
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_mon_reinit_self() function in net/tipc/monitor.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU108804
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37828
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ufshcd_mcq_abort() function in drivers/ufs/core/ufs-mcq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU108805
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37829
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_cpufreq_get_rate() function in drivers/cpufreq/scpi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) NULL pointer dereference
EUVDB-ID: #VU108806
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37830
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scmi_cpufreq_get_rate() function in drivers/cpufreq/scmi-cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU108807
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37831
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the apple_soc_cpufreq_get_rate() function in drivers/cpufreq/apple-soc-cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Memory leak
EUVDB-ID: #VU108851
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37836
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_register_host_bridge() function in drivers/pci/probe.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Resource management error
EUVDB-ID: #VU108895
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37878
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the inherit_event() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Incorrect calculation
EUVDB-ID: #VU108897
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37879
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the p9_client_read_once(), p9_client_write(), EXPORT_SYMBOL_GPL() and p9_client_readdir() functions in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper error handling
EUVDB-ID: #VU108880
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37881
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ast_vhub_init_dev() function in drivers/usb/gadget/udc/aspeed-vhub/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Memory leak
EUVDB-ID: #VU108857
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37883
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __sclp_console_free_pages() and sclp_console_init() functions in drivers/s390/char/sclp_con.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper locking
EUVDB-ID: #VU108878
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37884
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __set_printk_clr_event() and bpf_get_trace_vprintk_proto() functions in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU108860
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37885
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmx_pi_update_irte() function in arch/x86/kvm/vmx/posted_intr.c, within the avic_pi_update_irte() function in arch/x86/kvm/svm/avic.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Buffer overflow
EUVDB-ID: #VU108890
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37886
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_q_map() function in drivers/net/ethernet/amd/pds_core/core.c, within the pdsc_process_notifyq(), pdsc_process_adminq(), pdsc_adminq_isr(), __pdsc_adminq_post() and pdsc_adminq_post() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Buffer overflow
EUVDB-ID: #VU108891
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37887
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_dl_info_get() function in drivers/net/ethernet/amd/pds_core/devlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU109282
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37890
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Buffer overflow
EUVDB-ID: #VU109432
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37891
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the include/sound/ump_convert.h. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper locking
EUVDB-ID: #VU109540
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37897
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the plfxlc_mac_init_hw() function in drivers/net/wireless/purelifi/plfxlc/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Input validation error
EUVDB-ID: #VU109543
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37901
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qcom_mpm_alloc() function in drivers/irqchip/irq-qcom-mpm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Use-after-free
EUVDB-ID: #VU109501
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37903
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_update_display(), hdcp_remove_display(), hdcp_reset_display() and update_config() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Memory leak
EUVDB-ID: #VU109492
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37905
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the scmi_child_dev_find() function in drivers/firmware/arm_scmi/bus.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Memory leak
EUVDB-ID: #VU109493
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37909
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lan743x_tx_frame_add_lso(), lan743x_tx_frame_add_fragment() and lan743x_tx_frame_end() functions in drivers/net/ethernet/microchip/lan743x_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU109514
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37911
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_hwrm_dbg_dma_data() function in drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) NULL pointer dereference
EUVDB-ID: #VU109521
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37912
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_vc_add_fdir_fltr() function in drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Use-after-free
EUVDB-ID: #VU109502
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37913
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and qfq_enqueue() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Use-after-free
EUVDB-ID: #VU109503
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37914
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and ets_qdisc_enqueue() functions in net/sched/sch_ets.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Use-after-free
EUVDB-ID: #VU109504
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37915
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Use-after-free
EUVDB-ID: #VU109505
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37916
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pdsc_auxbus_dev_del() function in drivers/net/ethernet/amd/pds_core/auxbus.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Improper locking
EUVDB-ID: #VU109538
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37917
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtk_star_tx_poll() and mtk_star_rx_poll() functions in drivers/net/ethernet/mediatek/mtk_star_emac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) NULL pointer dereference
EUVDB-ID: #VU109522
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btusb_coredump_qca(), handle_dump_pkt_qca() and acl_pkt_is_dump_qca() functions in drivers/bluetooth/btusb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper locking
EUVDB-ID: #VU109536
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37921
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vxlan_vni_delete_group() function in drivers/net/vxlan/vxlan_vnifilter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use-after-free
EUVDB-ID: #VU109506
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37922
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the radix__vmemmap_populate() function in arch/powerpc/mm/book3s64/radix_pgtable.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Buffer overflow
EUVDB-ID: #VU109575
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37923
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tracing_splice_read_pipe() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Use-after-free
EUVDB-ID: #VU109507
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37924
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the krb5_authenticate() function in fs/smb/server/smb2pdu.c, within the ksmbd_krb5_authenticate() function in fs/smb/server/auth.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper locking
EUVDB-ID: #VU107734
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37925
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the duplicateIXtree() function in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Buffer overflow
EUVDB-ID: #VU109555
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37927
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/iommu/amd/init.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Improper error handling
EUVDB-ID: #VU109549
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37928
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper error handling
EUVDB-ID: #VU109550
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the spectre_bhb_loop_affected() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Resource management error
EUVDB-ID: #VU109571
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37930
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nouveau_fence_context_kill() function in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Resource management error
EUVDB-ID: #VU109572
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37932
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the htb_qlen_notify() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Input validation error
EUVDB-ID: #VU109584
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37933
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the octep_hb_timeout_task() function in drivers/net/ethernet/marvell/octeon_ep/octep_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Input validation error
EUVDB-ID: #VU109577
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37935
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/ethernet/mediatek/mtk_eth_soc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Resource management error
EUVDB-ID: #VU109561
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37936
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the intel_guest_get_msrs() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Use-after-free
EUVDB-ID: #VU109509
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37938
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the test_event_printk() function in kernel/trace/trace_events.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Out-of-bounds read
EUVDB-ID: #VU109515
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2025-37947
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ksmbd_vfs_stream_write() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
78) Input validation error
EUVDB-ID: #VU109581
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pr_fmt(), build_plt(), build_epilogue() and bpf_int_jit_compile() functions in arch/arm64/net/bpf_jit_comp.c, within the this_cpu_set_vectors() function in arch/arm64/kernel/proton-pack.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Improper locking
EUVDB-ID: #VU109533
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xs_suspend_exit(), xs_send(), xs_wait_for_reply(), xenbus_dev_request_and_reply() and xs_talkv() functions in drivers/xen/xenbus/xenbus_xs.c, within the xenbus_dev_queue_reply() function in drivers/xen/xenbus/xenbus_dev_frontend.c, within the process_msg() and process_writes() functions in drivers/xen/xenbus/xenbus_comms.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Memory leak
EUVDB-ID: #VU109495
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37951
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v3d_gpu_reset_for_timeout(), v3d_cl_job_timedout() and v3d_csd_job_timedout() functions in drivers/gpu/drm/v3d/v3d_sched.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Use-after-free
EUVDB-ID: #VU109510
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37952
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __close_file_table_ids() function in fs/smb/server/vfs_cache.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Memory leak
EUVDB-ID: #VU109496
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the find_or_create_cached_dir() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Buffer overflow
EUVDB-ID: #VU109576
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37956
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the smb2_get_name() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Use-after-free
EUVDB-ID: #VU109511
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37957
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shutdown_interception() function in arch/x86/kvm/svm/svm.c, within the kvm_smm_changed() function in arch/x86/kvm/smm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Improper locking
EUVDB-ID: #VU109532
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37958
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_huge_pmd_locked() and split_huge_pmd_locked() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Input validation error
EUVDB-ID: #VU109583
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37959
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the skb_do_redirect() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Resource management error
EUVDB-ID: #VU109562
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37960
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the memblock_double_array() function in mm/memblock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Use of uninitialized resource
EUVDB-ID: #VU109552
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37961
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __mtu_check_toobig_v6(), do_output_route4() and __ip_vs_get_out_rt() functions in net/netfilter/ipvs/ip_vs_xmit.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Memory leak
EUVDB-ID: #VU109498
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37962
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_lease_state() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Input validation error
EUVDB-ID: #VU109582
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37963
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_bhb_mitigation() function in arch/arm64/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Resource management error
EUVDB-ID: #VU109563
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37964
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the switch_mm_irqs_off() and should_flush_tlb() functions in arch/x86/mm/tlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Improper locking
EUVDB-ID: #VU109530
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37967
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ucsi_set_drvdata() function in drivers/usb/typec/ucsi/ucsi.c, within the ucsi_displayport_enter(), ucsi_displayport_exit() and ucsi_displayport_vdm() functions in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Infinite loop
EUVDB-ID: #VU109557
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37969
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the st_lsm6dsx_read_tagged_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Improper locking
EUVDB-ID: #VU109528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37970
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the st_lsm6dsx_read_fifo() function in drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) NULL pointer dereference
EUVDB-ID: #VU109518
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37972
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_pmic_keys_lp_reset_setup() function in drivers/input/keyboard/mtk-pmic-keys.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Buffer overflow
EUVDB-ID: #VU109564
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37973
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cfg80211_defrag_mle() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Memory leak
EUVDB-ID: #VU109579
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37983
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qibfs_mknod() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Integer overflow
EUVDB-ID: #VU109553
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37984
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ecdsa_x962_verify() function in crypto/ecdsa-x962.c, within the ecdsa_p1363_verify() function in crypto/ecdsa-p1363.c, within the EXPORT_SYMBOL() function in crypto/ecc.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Race condition
EUVDB-ID: #VU109559
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37985
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Buffer overflow
EUVDB-ID: #VU109567
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37987
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pdsc_core_init() function in drivers/net/ethernet/amd/pds_core/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Improper locking
EUVDB-ID: #VU109527
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37988
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_lock_mount() and lock_mount() functions in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Use-after-free
EUVDB-ID: #VU109499
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37989
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the phy_led_triggers_register() and phy_led_triggers_unregister() functions in drivers/net/phy/phy_led_triggers.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Improper error handling
EUVDB-ID: #VU109545
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37990
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the brcmf_usb_dl_writeimage() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Improper error handling
EUVDB-ID: #VU109546
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37991
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the handle_fpe() function in arch/parisc/math-emu/driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) NULL pointer dereference
EUVDB-ID: #VU109952
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37992
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_change() function in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) NULL pointer dereference
EUVDB-ID: #VU109951
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37994
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_displayport_remove_partner() function in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Improper error handling
EUVDB-ID: #VU109956
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37995
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the module_kobj_release() function in kernel/params.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Improper locking
EUVDB-ID: #VU109954
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37997
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/netfilter/ipset/ip_set_hash_gen.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Incorrect calculation
EUVDB-ID: #VU109958
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37998
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the output_userspace() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Use-after-free
EUVDB-ID: #VU110683
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38000
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Use-after-free
EUVDB-ID: #VU110681
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2025-38001
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_in_el_or_vttree(), hfsc_change_class() and hfsc_enqueue() functions in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
112) Use-after-free
EUVDB-ID: #VU110680
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38003
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_proc_show(), bcm_delete_rx_op(), bcm_delete_tx_op() and bcm_rx_setup() functions in net/can/bcm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Improper locking
EUVDB-ID: #VU110685
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38004
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bcm_can_tx(), bcm_tx_timeout_handler() and bcm_tx_setup() functions in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Improper locking
EUVDB-ID: #VU111605
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38005
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the udma_check_tx_completion() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Input validation error
EUVDB-ID: #VU111699
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38006
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mctp_dump_addrinfo() function in net/mctp/device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) NULL pointer dereference
EUVDB-ID: #VU111563
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38007
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uclogic_input_configured() function in drivers/hid/hid-uclogic-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Input validation error
EUVDB-ID: #VU111607
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38008
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kvm_xen_vcpu_set_attr() function in arch/x86/kvm/xen.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Improper resource shutdown or release
EUVDB-ID: #VU111689
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38009
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Race condition
EUVDB-ID: #VU111650
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38010
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the DATA0_VAL_PD BIT(), DECLARE_BITMAP(), tegra186_utmi_bias_pad_power_on(), tegra186_utmi_bias_pad_power_off(), tegra186_utmi_pad_power_on() and tegra186_utmi_pad_power_down() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Out-of-bounds read
EUVDB-ID: #VU111488
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38013
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_register_hw() function in net/mac80211/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Input validation error
EUVDB-ID: #VU111704
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38014
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_new_node_page() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Memory leak
EUVDB-ID: #VU111417
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38015
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the idxd_alloc() function in drivers/dma/idxd/init.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) NULL pointer dereference
EUVDB-ID: #VU111561
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38018
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_strp_read_copy() function in net/tls/tls_strp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Use-after-free
EUVDB-ID: #VU111471
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38019
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_neigh_rif_made_sync() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) NULL pointer dereference
EUVDB-ID: #VU111560
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38020
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_fix_uplink_rep_features() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Use-after-free
EUVDB-ID: #VU111469
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38023
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_alloc_unlockdata() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Use-after-free
EUVDB-ID: #VU111468
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38024
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_cq_from_init() function in drivers/infiniband/sw/rxe/rxe_cq.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Buffer overflow
EUVDB-ID: #VU111664
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38027
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the max20086_regulators_register() and max20086_parse_regulators_dt() functions in drivers/regulator/max20086-regulator.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Memory leak
EUVDB-ID: #VU111418
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38031
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the padata_reorder() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) NULL pointer dereference
EUVDB-ID: #VU111557
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38034
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/trace/events/btrfs.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) NULL pointer dereference
EUVDB-ID: #VU111555
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38035
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_restore_socket_callbacks() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Race condition within a thread
EUVDB-ID: #VU111645
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38037
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the vxlan_fdb_info(), vxlan_find_mac(), vxlan_fdb_update_existing(), vxlan_snoop() and vxlan_cleanup() functions in drivers/net/vxlan.c. A local user can corrupt data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Input validation error
EUVDB-ID: #VU112271
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38039
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_setup_tc_mqprio() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Improper locking
EUVDB-ID: #VU111601
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38040
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the stm32_usart_enable_ms() function in drivers/tty/serial/stm32-usart.c, within the sci_shutdown() function in drivers/tty/serial/sh-sci.c, within the mctrl_gpio_enable_ms() and mctrl_gpio_disable_ms() functions in drivers/tty/serial/serial_mctrl_gpio.c, within the imx_uart_shutdown() function in drivers/tty/serial/imx.c, within the atmel_disable_ms() function in drivers/tty/serial/atmel_serial.c, within the serial8250_disable_ms() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Resource management error
EUVDB-ID: #VU111671
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38043
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mt76_dma_cleanup() function in drivers/net/wireless/mediatek/mt76/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Input validation error
EUVDB-ID: #VU111700
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5e_setup_tc_mqprio() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Input validation error
EUVDB-ID: #VU111701
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the _iwl_dbg_tlv_time_point() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Race condition within a thread
EUVDB-ID: #VU111646
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38048
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to a data race within the virtqueue_enable_cb_delayed() function in drivers/virtio/virtio_ring.c. A local user can corrupt data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Use-after-free
EUVDB-ID: #VU111466
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38051
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the find_cifs_entry() function in fs/cifs/readdir.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Use-after-free
EUVDB-ID: #VU111465
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38052
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_aead_encrypt() and tipc_aead_encrypt_done() functions in net/tipc/crypto.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Incorrect calculation
EUVDB-ID: #VU111678
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38058
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __legitimize_mnt() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) NULL pointer dereference
EUVDB-ID: #VU111550
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38059
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scrub_find_fill_first_stripe() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Out-of-bounds read
EUVDB-ID: #VU111490
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38061
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pktgen_thread_write() function in net/core/pktgen.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Use-after-free
EUVDB-ID: #VU111464
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38062
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iommu_dma_prepare_msi() function in drivers/iommu/dma-iommu.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Improper locking
EUVDB-ID: #VU111600
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38063
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __send_empty_flush() function in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Input validation error
EUVDB-ID: #VU111702
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38065
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the orangefs_writepage_locked() and orangefs_writepages_work() functions in fs/orangefs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Improper locking
EUVDB-ID: #VU111598
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38066
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Input validation error
EUVDB-ID: #VU111703
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38067
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rseq_get_rseq_cs_ptr_val(), rseq_get_rseq_cs(), rseq_need_restart(), clear_rseq_cs(), rseq_ip_fixup() and SYSCALL_DEFINE4() functions in kernel/rseq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Buffer overflow
EUVDB-ID: #VU111661
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38068
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lzo1x_1_do_compress() and lzogeneric1x_1_compress() functions in lib/lzo/lzo1x_compress.c, within the obj-$() function in lib/lzo/Makefile, within the __lzo_compress() function in crypto/lzo.c, within the __lzorle_compress() function in crypto/lzo-rle.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Use-after-free
EUVDB-ID: #VU111462
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38071
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Division by zero
EUVDB-ID: #VU111639
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38072
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the nd_label_data_init() function in drivers/nvdimm/label.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Use-after-free
EUVDB-ID: #VU111536
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38074
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) NULL pointer dereference
EUVDB-ID: #VU111547
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38075
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iscsit_close_connection() function in drivers/target/iscsi/iscsi_target.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Buffer overflow
EUVDB-ID: #VU111636
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38077
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the current_password_store() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Use-after-free
EUVDB-ID: #VU111460
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38078
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_pcm_buffer_access_unlock() function in sound/core/pcm_native.c, within the snd_pcm_oss_change_params_locked() function in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Use-after-free
EUVDB-ID: #VU111459
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38079
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Buffer overflow
EUVDB-ID: #VU111662
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38080
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/amd/display/dc/inc/core_types.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Out-of-bounds read
EUVDB-ID: #VU111491
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38081
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rockchip_spi_config() function in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Race condition
EUVDB-ID: #VU111647
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38083
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the prio_tune() function in net/sched/sch_prio.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Improper locking
EUVDB-ID: #VU112119
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38084
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_vma() function in mm/vma.c, within the hugetlb_vma_lock_free(), hugetlb_vm_op_split(), move_hugetlb_state() and hugetlb_unshare_pmds() functions in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Buffer overflow
EUVDB-ID: #VU112121
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38085
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the huge_pmd_unshare() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Use of uninitialized resource
EUVDB-ID: #VU112120
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38086
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ch9200_mdio_read() function in drivers/net/usb/ch9200.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Use-after-free
EUVDB-ID: #VU112115
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38087
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the taprio_dev_notifier() function in net/sched/sch_taprio.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Out-of-bounds read
EUVDB-ID: #VU112116
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38088
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the memtrace_read() function in arch/powerpc/platforms/powernv/memtrace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) NULL pointer dereference
EUVDB-ID: #VU112118
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2025-38089
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svc_process_common() function in net/sunrpc/svc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
166) Buffer overflow
EUVDB-ID: #VU112123
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38090
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riocm_ch_send() function in drivers/rapidio/rio_cm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) NULL pointer dereference
EUVDB-ID: #VU112117
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38092
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opinfo_get_list() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Improper locking
EUVDB-ID: #VU112240
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38094
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the macb_update_stats() function in drivers/net/ethernet/cadence/macb_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) NULL pointer dereference
EUVDB-ID: #VU112221
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dma_resv_add_fence() function in drivers/dma-buf/dma-resv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Memory leak
EUVDB-ID: #VU112169
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38097
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __xfrm_state_delete() function in net/xfrm/xfrm_state.c, within the esp_ssg_unref(), esp6_find_tcp_sk(), esp_output_tcp_finish() and esp6_output_tcp_encap() functions in net/ipv6/esp6.c, within the esp_ssg_unref(), esp_find_tcp_sk(), esp_output_tcp_finish() and esp_output_tcp_encap() functions in net/ipv4/esp4.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Memory leak
EUVDB-ID: #VU112172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38100
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the copy_thread() and native_tss_update_io_bitmap() functions in arch/x86/kernel/process.c, within the io_bitmap_share(), io_bitmap_exit() and SYSCALL_DEFINE1() functions in arch/x86/kernel/ioport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Double free
EUVDB-ID: #VU112243
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38102
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drv_cp_harray_to_user() and vmci_host_setup_notify() functions in drivers/misc/vmw_vmci/vmci_host.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Out-of-bounds read
EUVDB-ID: #VU112193
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38103
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cpu_to_le16(), hidg_setup() and hidg_bind() functions in drivers/usb/gadget/function/f_hid.c, within the usbhid_parse() function in drivers/hid/usbhid/hid-core.c, within the mousevsc_on_receive_device_info() function in drivers/hid/hid-hyperv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Integer underflow
EUVDB-ID: #VU112249
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38107
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Improper locking
EUVDB-ID: #VU112225
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38108
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __red_change() function in net/sched/sch_red.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Use-after-free
EUVDB-ID: #VU112180
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38109
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_eswitch_enable_pf_vf_vports() and mlx5_eswitch_disable_pf_vf_vports() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Out-of-bounds write
EUVDB-ID: #VU112259
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38110
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the __mdiobus_c45_read() and __mdiobus_c45_write() functions in drivers/net/phy/mdio_bus.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Out-of-bounds read
EUVDB-ID: #VU112195
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38111
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __mdiobus_read() and __mdiobus_write() functions in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) NULL pointer dereference
EUVDB-ID: #VU112220
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38112
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/net/sock.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) NULL pointer dereference
EUVDB-ID: #VU112219
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38113
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cppc_allow_fast_switch() function in drivers/acpi/cppc_acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Input validation error
EUVDB-ID: #VU112263
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38115
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the net/sched/sch_sfq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Improper locking
EUVDB-ID: #VU112228
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38117
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mgmt_cmd_complete(), mgmt_pending_new(), mgmt_pending_add() and mgmt_pending_free() functions in net/bluetooth/mgmt_util.c, within the settings_rsp(), cmd_complete_rsp(), mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_le_complete(), set_mesh_complete(), mgmt_class_complete(), pairing_complete(), mgmt_add_adv_patterns_monitor_complete(), mgmt_remove_adv_monitor_complete(), start_discovery_complete(), stop_discovery_complete(), set_advertising_complete(), set_bredr_complete(), set_secure_conn_complete(), get_conn_info_complete(), get_clock_info_complete(), add_advertising_complete(), add_ext_adv_params_complete(), add_ext_adv_data_complete(), remove_advertising_complete(), mgmt_index_removed(), mgmt_power_on(), __mgmt_power_off(), unpair_device_rsp(), mgmt_disconnect_failed(), mgmt_auth_enable_complete() and mgmt_set_class_of_dev_complete() functions in net/bluetooth/mgmt.c, within the hci_alloc_dev_priv() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Use-after-free
EUVDB-ID: #VU112183
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38118
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mgmt_adv_monitor_added(), __add_adv_patterns_monitor(), mgmt_remove_adv_monitor_complete() and remove_adv_monitor() functions in net/bluetooth/mgmt.c, within the hci_free_adv_monitor() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Improper locking
EUVDB-ID: #VU112229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38119
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ufshcd_err_handler() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Memory leak
EUVDB-ID: #VU112173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38120
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_pipapo_avx2_estimate() and nft_pipapo_avx2_lookup() functions in net/netfilter/nft_set_pipapo_avx2.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) NULL pointer dereference
EUVDB-ID: #VU112217
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38122
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_tx_add_skb_dqo() function in drivers/net/ethernet/google/gve/gve_tx_dqo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) NULL pointer dereference
EUVDB-ID: #VU112216
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38123
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the t7xx_ccmni_wwan_newlink(), t7xx_ccmni_wwan_dellink(), t7xx_ccmni_recv_skb(), t7xx_ccmni_queue_tx_irq_notify() and t7xx_ccmni_queue_state_notify() functions in drivers/net/wwan/t7xx/t7xx_netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Improper locking
EUVDB-ID: #VU112230
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38124
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __udp_gso_segment() function in net/ipv4/udp_offload.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Improper error handling
EUVDB-ID: #VU112244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38126
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the stmmac_ptp_register() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c, within the stmmac_init_tstamp_counter() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Improper locking
EUVDB-ID: #VU112232
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38127
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_map_xdp_rings(), ice_prepare_xdp_rings(), mutex_unlock(), ice_destroy_xdp_rings() and ice_xdp_setup_prog() functions in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Use-after-free
EUVDB-ID: #VU112185
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38131
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL(), _cscfg_activate_config(), _cscfg_deactivate_config(), cscfg_csdev_enable_active_config() and cscfg_csdev_disable_active_config() functions in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) NULL pointer dereference
EUVDB-ID: #VU112212
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38135
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlb_usio_probe() function in drivers/tty/serial/milbeaut_usio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Use of uninitialized resource
EUVDB-ID: #VU112248
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38136
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the usbhs_probe() and usbhs_fifo_remove() functions in drivers/usb/renesas_usbhs/common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) NULL pointer dereference
EUVDB-ID: #VU112201
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38138
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the udma_probe() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Input validation error
EUVDB-ID: #VU112267
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the asus_ec_hwmon_read_string() function in drivers/hwmon/asus-ec-sensors.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) NULL pointer dereference
EUVDB-ID: #VU112211
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38143
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wled_configure() function in drivers/video/backlight/qcom-wled.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) NULL pointer dereference
EUVDB-ID: #VU112209
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38145
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() function in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Out-of-bounds read
EUVDB-ID: #VU112197
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38146
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the key_extract_l3l4() function in net/openvswitch/flow.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Memory leak
EUVDB-ID: #VU112175
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38147
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_conn_setattr() function in net/netlabel/netlabel_kapi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Memory leak
EUVDB-ID: #VU112176
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38148
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vsc85xx_txtstamp() function in drivers/net/phy/mscc/mscc_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) NULL pointer dereference
EUVDB-ID: #VU112208
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38149
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Improper locking
EUVDB-ID: #VU112235
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38151
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cma_netevent_callback() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Improper error handling
EUVDB-ID: #VU112245
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38153
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the aqc111_read_cmd_nopm() and aqc111_read_cmd() functions in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Improper locking
EUVDB-ID: #VU112237
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38154
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_backlog() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) NULL pointer dereference
EUVDB-ID: #VU112207
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38155
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7915_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7915/mmio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Out-of-bounds read
EUVDB-ID: #VU112198
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38157
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_swba() function in drivers/net/wireless/ath/ath9k/htc_drv_beacon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Input validation error
EUVDB-ID: #VU112266
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38158
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_func_stop(), vf_qm_check_match(), vf_qm_get_match_data() and vf_qm_read_data() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Out-of-bounds read
EUVDB-ID: #VU112199
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38159
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_coex_tdma_timer_base() function in drivers/net/wireless/realtek/rtw88/coex.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Improper error handling
EUVDB-ID: #VU112246
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38160
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the raspberrypi_clk_register() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Use-after-free
EUVDB-ID: #VU112191
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38161
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx5_get_rsc(), create_resource_common() and mlx5_core_destroy_rq_tracked() functions in drivers/infiniband/hw/mlx5/qpc.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Input validation error
EUVDB-ID: #VU112241
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Improper locking
EUVDB-ID: #VU112238
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38165
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_skb_ingress_enqueue(), sk_psock_skb_ingress(), sk_psock_skb_ingress_self() and sk_psock_verdict_apply() functions in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Improper locking
EUVDB-ID: #VU112239
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38166
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) NULL pointer dereference
EUVDB-ID: #VU112205
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38167
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the indx_get_entry_to_replace() function in fs/ntfs3/index.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Resource management error
EUVDB-ID: #VU112256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38170
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_sme_acc() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Input validation error
EUVDB-ID: #VU112264
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38173
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mv_cesa_skcipher_queue_req() function in drivers/crypto/marvell/cipher.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Race condition
EUVDB-ID: #VU112258
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38174
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tb_cfg_request_dequeue() function in drivers/thunderbolt/ctl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Input validation error
EUVDB-ID: #VU112334
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38177
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the eltree_insert() and hfsc_qlen_notify() functions in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Use-after-free
EUVDB-ID: #VU112282
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38180
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_itf_walk(), lec_seq_start() and lec_seq_stop() functions in net/atm/lec.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Improper error handling
EUVDB-ID: #VU112316
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38181
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the calipso_req_setattr() and calipso_req_delattr() functions in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Input validation error
EUVDB-ID: #VU112314
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38182
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ublk_ctrl_add_dev() function in drivers/block/ublk_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Out-of-bounds read
EUVDB-ID: #VU112290
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38183
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/microchip/lan743x_ptp.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) NULL pointer dereference
EUVDB-ID: #VU112311
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38184
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_udp_nl_dump_remoteip() function in net/tipc/udp_media.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) Memory leak
EUVDB-ID: #VU112277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38185
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atmtcp_c_send() function in drivers/atm/atmtcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) Memory leak
EUVDB-ID: #VU112279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38190
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_pop_raw() function in net/atm/raw.c, within the vcc_sendmsg() function in net/atm/common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
226) NULL pointer dereference
EUVDB-ID: #VU112308
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38191
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
227) NULL pointer dereference
EUVDB-ID: #VU112307
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38192
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_skb_change_protocol(), bpf_skb_proto_4_to_6(), bpf_skb_proto_6_to_4(), bpf_skb_net_grow() and bpf_skb_net_shrink() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
228) Race condition
EUVDB-ID: #VU112324
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38193
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the sfq_change() function in net/sched/sch_sfq.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
229) Input validation error
EUVDB-ID: #VU112332
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38194
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the jffs2_sum_write_sumnode() function in fs/jffs2/summary.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
230) NULL pointer dereference
EUVDB-ID: #VU112306
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38197
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the packet_read_list() and packet_empty_list() functions in drivers/platform/x86/dell/dell_rbu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
231) NULL pointer dereference
EUVDB-ID: #VU112305
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38198
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fbcon_info_from_console() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
232) Integer underflow
EUVDB-ID: #VU112322
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38200
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the i40e_pf_reset() function in drivers/net/ethernet/intel/i40e/i40e_common.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
233) Resource management error
EUVDB-ID: #VU112328
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38202
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the BPF_CALL_3() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
234) NULL pointer dereference
EUVDB-ID: #VU112304
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38208
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the automount_fullpath() function in fs/smb/client/namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
235) Use-after-free
EUVDB-ID: #VU112285
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38211
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
236) Use-after-free
EUVDB-ID: #VU112286
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38212
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the shm_try_destroy_orphaned() function in ipc/shm.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
237) Improper error handling
EUVDB-ID: #VU112318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38214
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the fb_set_var() function in drivers/video/fbdev/core/fbmem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
238) NULL pointer dereference
EUVDB-ID: #VU112302
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38215
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fb_check_foreignness() and do_register_framebuffer() functions in drivers/video/fbdev/core/fbmem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
239) Improper locking
EUVDB-ID: #VU112312
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38217
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fts_read() function in drivers/hwmon/ftsteutates.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
240) Out-of-bounds read
EUVDB-ID: #VU112293
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38218
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the f2fs_sanity_check_ckpt() and DIV_ROUND_UP() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
241) Resource management error
EUVDB-ID: #VU112329
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38219
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the f2fs_unlink() function in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
242) NULL pointer dereference
EUVDB-ID: #VU112301
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38220
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ext4_walk_page_buffers() function in fs/ext4/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
243) Improper error handling
EUVDB-ID: #VU112319
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38222
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ext4_prepare_inline_data() function in fs/ext4/inline.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
244) NULL pointer dereference
EUVDB-ID: #VU112300
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38225
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dev_err() function in drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
245) Out-of-bounds read
EUVDB-ID: #VU112295
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38226
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vivid_vid_cap_s_selection() function in drivers/media/test-drivers/vivid/vivid-vid-cap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
246) Use-after-free
EUVDB-ID: #VU112288
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38227
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vidtv_psi_sdt_table_destroy() function in drivers/media/test-drivers/vidtv/vidtv_channel.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
247) Use of uninitialized resource
EUVDB-ID: #VU112321
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38229
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cxusb_gpio_tuner() function in drivers/media/usb/dvb-usb/cxusb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
248) Out-of-bounds read
EUVDB-ID: #VU112296
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38230
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
249) NULL pointer dereference
EUVDB-ID: #VU112299
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38231
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd_startup_net() function in fs/nfsd/nfssvc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
250) Use-after-free
EUVDB-ID: #VU112753
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38236
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() and unix_stream_recv_urg() functions in net/unix/af_unix.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
251) Out-of-bounds read
EUVDB-ID: #VU112759
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38239
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the megasas_set_high_iops_queue_affinity_and_hint() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
252) Improper locking
EUVDB-ID: #VU112802
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38244
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_query_server_interfaces() and cifs_signal_cifsd_for_reconnect() functions in fs/smb/client/connect.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
253) Incorrect calculation
EUVDB-ID: #VU112839
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38245
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the atm_dev_deregister() function in net/atm/resources.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
254) Improper error handling
EUVDB-ID: #VU112817
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38246
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __bnxt_poll_work() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
255) Out-of-bounds read
EUVDB-ID: #VU112760
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38249
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_usb_get_audioformat_uac3() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
256) Use-after-free
EUVDB-ID: #VU112751
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38250
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_IDA(), hci_dev_get(), hci_dev_do_reset(), hci_dev_reset(), hci_alloc_dev_priv() and hci_unregister_dev() functions in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
257) Input validation error
EUVDB-ID: #VU112841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38251
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clip_push() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
258) NULL pointer dereference
EUVDB-ID: #VU112779
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38255
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the group_cpus_evenly() function in lib/group_cpus.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
259) Buffer overflow
EUVDB-ID: #VU112823
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38257
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the _copy_apqns_from_user() function in drivers/s390/crypto/pkey_api.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
260) Memory leak
EUVDB-ID: #VU112740
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38258
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the memcg_path_store() function in mm/damon/sysfs-schemes.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
261) Memory leak
EUVDB-ID: #VU112741
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38259
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the WCD9335_SLIM_TX_CH() and wcd9335_parse_dt() functions in sound/soc/codecs/wcd9335.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
262) NULL pointer dereference
EUVDB-ID: #VU112778
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38260
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_global_roots_objectid() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
263) Improper Initialization
EUVDB-ID: #VU112825
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38262
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the pm_runtime_set_active() and ulite_init() functions in drivers/tty/serial/uartlite.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
264) Use-after-free
EUVDB-ID: #VU112752
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38263
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the CLOSURE_CALLBACK() function in drivers/md/bcache/super.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
265) Infinite loop
EUVDB-ID: #VU112824
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38264
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the nvme_tcp_fetch_request(), nvme_tcp_init_request(), nvme_tcp_handle_r2t() and nvme_tcp_submit_async_event() functions in drivers/nvme/host/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
266) NULL pointer dereference
EUVDB-ID: #VU112776
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38265
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jsm_uart_port_init() function in drivers/tty/serial/jsm/jsm_tty.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
267) NULL pointer dereference
EUVDB-ID: #VU112772
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38274
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fpga_mgr_test_img_load_sgt() function in drivers/fpga/tests/fpga-mgr-test.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
268) NULL pointer dereference
EUVDB-ID: #VU112763
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38275
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qmp_usb_iomap() function in drivers/phy/qualcomm/phy-qcom-qmp-usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
269) Input validation error
EUVDB-ID: #VU112808
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38277
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mxic_ecc_finish_io_req_external() function in drivers/mtd/nand/ecc-mxic.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
270) Resource management error
EUVDB-ID: #VU112833
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38278
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the otx2_qos_leaf_del_last() function in drivers/net/ethernet/marvell/octeontx2/nic/qos.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
271) Resource management error
EUVDB-ID: #VU112835
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38280
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
272) Improper locking
EUVDB-ID: #VU112797
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38282
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernfs_should_drain_open_files() function in fs/kernfs/file.c, within the kernfs_break_active_protection() function in fs/kernfs/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
273) Input validation error
EUVDB-ID: #VU112843
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38283
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vf_qm_check_match(), vf_qm_load_data() and hisi_acc_vfio_pci_migrn_init_dev() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
274) Resource management error
EUVDB-ID: #VU112836
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38285
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_bpf_raw_tp_regs() function in kernel/trace/bpf_trace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
275) Out-of-bounds read
EUVDB-ID: #VU112757
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38286
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the at91_gpio_probe() function in drivers/pinctrl/pinctrl-at91.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
276) Improper locking
EUVDB-ID: #VU112795
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38290
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath12k_rfkill_work() and ath12k_core_halt() functions in drivers/net/wireless/ath/ath12k/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
277) Improper locking
EUVDB-ID: #VU112793
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38293
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ath11k_core_halt() function in drivers/net/wireless/ath/ath11k/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
278) Input validation error
EUVDB-ID: #VU112846
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38295
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the meson_ddr_pmu_create() function in drivers/perf/amlogic/meson_ddr_pmu_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
279) Out-of-bounds read
EUVDB-ID: #VU112758
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38298
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the EXPORT_SYMBOL_GPL() function in drivers/edac/skx_common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
280) Use-after-free
EUVDB-ID: #VU112749
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38300
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
281) NULL pointer dereference
EUVDB-ID: #VU112768
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38304
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eir_create_scan_rsp() function in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
282) Improper locking
EUVDB-ID: #VU112792
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38305
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/ptp/ptp_private.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
283) NULL pointer dereference
EUVDB-ID: #VU112767
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38307
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_control_write() function in sound/soc/intel/avs/debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
284) Input validation error
EUVDB-ID: #VU112810
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38310
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
285) Input validation error
EUVDB-ID: #VU112811
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38312
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fb_find_mode_cvt() function in drivers/video/fbdev/core/fbcvt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
286) Double free
EUVDB-ID: #VU112815
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38313
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the fsl_mc_device_add() function in drivers/bus/fsl-mc/fsl-mc-bus.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
287) NULL pointer dereference
EUVDB-ID: #VU112764
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38319
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() functions in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
288) Incorrect calculation
EUVDB-ID: #VU112838
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38320
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the regs_get_kernel_stack_nth() function in arch/arm64/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
289) Improper locking
EUVDB-ID: #VU112787
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38321
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the close_all_cached_dirs() function in fs/smb/client/cached_dir.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
290) Improper locking
EUVDB-ID: #VU112786
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38322
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the intel_pmu_read_event() function in arch/x86/events/intel/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
291) Use-after-free
EUVDB-ID: #VU112743
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38323
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_MUTEX(), lec_vcc_attach(), lecd_attach() and lane_ioctl() functions in net/atm/lec.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
292) Improper locking
EUVDB-ID: #VU112785
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38324
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mpls_route_input_rcu() function in net/mpls/af_mpls.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
293) Improper locking
EUVDB-ID: #VU112784
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38326
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aoedev_downdev() function in drivers/block/aoe/aoedev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
294) NULL pointer dereference
EUVDB-ID: #VU112762
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38328
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jffs2_scan_medium() function in fs/jffs2/scan.c, within the jffs2_mark_erased_block() function in fs/jffs2/erase.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
295) Input validation error
EUVDB-ID: #VU112806
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38331
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the gmac_map_tx_bufs() function in drivers/net/ethernet/cortina/gemini.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
296) Buffer overflow
EUVDB-ID: #VU112821
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38332
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lpfc_sli4_get_ctl_attr() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
297) Use-after-free
EUVDB-ID: #VU112744
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38334
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the arch_memory_failure() function in arch/x86/kernel/cpu/sgx/main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
298) Improper locking
EUVDB-ID: #VU112782
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38335
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gpio_keys_irq_isr() and gpio_keys_setup_key() functions in drivers/input/keyboard/gpio_keys.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
299) Resource management error
EUVDB-ID: #VU112831
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38336
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the via_mode_filter() function in drivers/ata/pata_via.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
300) NULL pointer dereference
EUVDB-ID: #VU112761
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38337
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the jbd2_journal_dirty_metadata() function in fs/jbd2/transaction.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
301) Improper locking
EUVDB-ID: #VU112781
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38338
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_return_empty_folio() function in fs/nfs/read.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
302) Buffer overflow
EUVDB-ID: #VU112828
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38342
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the software_node_get_reference_args() function in drivers/base/swnode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
303) Input validation error
EUVDB-ID: #VU113104
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38343
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt7996_mac_fill_rx() function in drivers/net/wireless/mediatek/mt76/mt7996/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
304) Input validation error
EUVDB-ID: #VU53155
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-26145
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. A remote attacker on the local network can inject arbitrary network packets independent of the network configuration.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
305) Memory leak
EUVDB-ID: #VU112736
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38344
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
306) Memory leak
EUVDB-ID: #VU112737
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38345
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
307) Use-after-free
EUVDB-ID: #VU112745
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38346
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ftrace_release_mod() function in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
308) Improper locking
EUVDB-ID: #VU112780
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38347
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
309) Input validation error
EUVDB-ID: #VU112807
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38348
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the p54_rx_eeprom_readback() function in drivers/net/wireless/intersil/p54/txrx.c, within the p54_download_eeprom() function in drivers/net/wireless/intersil/p54/fwio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
310) Use-after-free
EUVDB-ID: #VU113102
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38349
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ep_remove() and ep_clear_and_put() functions in fs/eventpoll.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
311) Race condition
EUVDB-ID: #VU113313
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2025-38352
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.
Note, the vulnerability is being actively exploited in the wild against Android devices.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
312) Improper locking
EUVDB-ID: #VU113294
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38354
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the msm_devfreq_init() function in drivers/gpu/drm/msm/msm_gpu_devfreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
313) NULL pointer dereference
EUVDB-ID: #VU113276
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38362
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mod_hdcp_hdcp1_enable_encryption() function in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
314) NULL pointer dereference
EUVDB-ID: #VU113275
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38363
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_crtc_reset() function in drivers/gpu/drm/tegra/dc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
315) NULL pointer dereference
EUVDB-ID: #VU113274
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38364
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mas_preallocate() function in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
316) Race condition
EUVDB-ID: #VU113312
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38365
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the btrfs_rename_exchange() and btrfs_rename() functions in fs/btrfs/inode.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
317) NULL pointer dereference
EUVDB-ID: #VU113273
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38368
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tps6594_pfsm_probe() function in drivers/misc/tps6594-pfsm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
318) Resource management error
EUVDB-ID: #VU113316
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38369
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the idxd_cdev_evl_drain_pasid() function in drivers/dma/idxd/cdev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
319) NULL pointer dereference
EUVDB-ID: #VU113272
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38371
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v3d_hub_irq(), v3d_irq_init() and v3d_irq_disable() functions in drivers/gpu/drm/v3d/v3d_irq.c, within the v3d_reset() function in drivers/gpu/drm/v3d/v3d_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
320) Out-of-bounds read
EUVDB-ID: #VU113254
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38375
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mergeable_ctx_to_truesize(), virtnet_get_headroom(), xdp_linearize_page(), receive_small_xdp() and mergeable_xdp_get_buf() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
321) Resource management error
EUVDB-ID: #VU113326
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38376
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the udc_suspend() and udc_resume() functions in drivers/usb/chipidea/udc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
322) Use-after-free
EUVDB-ID: #VU113244
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38377
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rose_rt_device_down() function in net/rose/rose_route.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
323) Infinite loop
EUVDB-ID: #VU113310
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38382
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
324) Memory leak
EUVDB-ID: #VU113237
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38384
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the spinand_cleanup() function in drivers/mtd/nand/spi/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
325) Improper locking
EUVDB-ID: #VU113282
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38385
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
326) Use-after-free
EUVDB-ID: #VU113246
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38386
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acpi_ds_call_control_method() function in drivers/acpi/acpica/dsmethod.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
327) NULL pointer dereference
EUVDB-ID: #VU113270
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38387
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the subscribe_event_xa_alloc() function in drivers/infiniband/hw/mlx5/devx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
328) Resource management error
EUVDB-ID: #VU113327
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38389
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ring_context_alloc() function in drivers/gpu/drm/i915/gt/intel_ring_submission.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
329) Out-of-bounds read
EUVDB-ID: #VU113256
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38391
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pin_assignment_show() function in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
330) Improper locking
EUVDB-ID: #VU113284
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38393
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_layoutget_begin() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
331) Out-of-bounds read
EUVDB-ID: #VU113257
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38395
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the gpio_regulator_probe() function in drivers/regulator/gpio-regulator.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
332) Buffer overflow
EUVDB-ID: #VU113332
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38396
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the secretmem_file_create() function in mm/secretmem.c, within the anon_inode_make_secure_inode() and __anon_inode_getfile() functions in fs/anon_inodes.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
333) NULL pointer dereference
EUVDB-ID: #VU113269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kmem_cache_free() function in drivers/target/target_core_pr.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
334) Memory leak
EUVDB-ID: #VU113239
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38400
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
335) Buffer overflow
EUVDB-ID: #VU113308
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the msdc_prepare_data() and msdc_ops_request() functions in drivers/mmc/host/mtk-sd.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
336) Use of uninitialized resource
EUVDB-ID: #VU113303
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38403
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the vmci_transport_packet_init() function in net/vmw_vsock/vmci_transport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
337) Input validation error
EUVDB-ID: #VU113341
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38406
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath6kl_bmi_get_target_info() function in drivers/net/wireless/ath/ath6kl/bmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
338) Memory leak
EUVDB-ID: #VU113231
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38409
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the msm_ioctl_gem_submit() and mutex_unlock() functions in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
339) Memory leak
EUVDB-ID: #VU113232
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38410
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __msm_gem_submit_destroy() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
340) Input validation error
EUVDB-ID: #VU113342
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38412
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_bios_attributes() function in drivers/platform/x86/dell/dell-wmi-sysman/sysman.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c, within the is_enabled_show() function in drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c, within the current_value_show() function in drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
341) Out-of-bounds read
EUVDB-ID: #VU113253
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38415
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the squashfs_fill_super() function in fs/squashfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
342) Input validation error
EUVDB-ID: #VU113343
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38416
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_uart_set_driver() function in net/nfc/nci/uart.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
343) Memory leak
EUVDB-ID: #VU113234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38418
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_resource_cleanup() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
344) Memory leak
EUVDB-ID: #VU113235
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38419
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rproc_attach() function in drivers/remoteproc/remoteproc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
345) NULL pointer dereference
EUVDB-ID: #VU113267
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38420
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the carl9170_usb_rx_complete() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
346) Out-of-bounds read
EUVDB-ID: #VU113252
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38422
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the lan743x_hs_otp_read(), lan743x_hs_otp_write(), lan743x_hs_eeprom_read(), lan743x_hs_eeprom_write() and lan743x_ethtool_get_eeprom_len() functions in drivers/net/ethernet/microchip/lan743x_ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
347) Buffer overflow
EUVDB-ID: #VU113320
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38424
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the do_exit() function in kernel/exit.c, within the perf_sample_ustack_size() and perf_callchain() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
348) Input validation error
EUVDB-ID: #VU113334
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38425
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_i2c_xfer() function in drivers/i2c/busses/i2c-tegra.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
349) Resource management error
EUVDB-ID: #VU113322
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38427
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DEFINE_RES_MEM() and screen_info_apply_fixups() functions in drivers/video/screen_info_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
350) Buffer overflow
EUVDB-ID: #VU113306
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38428
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ims_pcu_flash_firmware() function in drivers/input/misc/ims-pcu.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
351) Use of uninitialized resource
EUVDB-ID: #VU113302
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38429
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mhi_ep_ring_add_element() function in drivers/bus/mhi/ep/ring.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
352) Input validation error
EUVDB-ID: #VU113335
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38430
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfsd4_spo_must_allow() function in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
353) Input validation error
EUVDB-ID: #VU113340
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38436
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drm_sched_entity_kill_jobs_work() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
354) Use-after-free
EUVDB-ID: #VU113240
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38437
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb20_oplock_break_ack() and smb21_lease_break_ack() functions in fs/smb/server/smb2pdu.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
355) Resource management error
EUVDB-ID: #VU113314
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38439
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __bnxt_xmit_xdp_redirect() function in drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
356) Use of uninitialized resource
EUVDB-ID: #VU113301
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38441
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the include/net/netfilter/nf_flow_table.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
357) Use-after-free
EUVDB-ID: #VU113241
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38443
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nbd_start_device() and set_bit() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
358) Memory leak
EUVDB-ID: #VU113229
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38444
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the raid10_read_request() and raid10_write_request() functions in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
359) Use-after-free
EUVDB-ID: #VU113242
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38445
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid1_reshape() function in drivers/md/raid1.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
360) Improper locking
EUVDB-ID: #VU113280
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38448
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __acquires() and gs_start_io() functions in drivers/usb/gadget/function/u_serial.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
361) Improper locking
EUVDB-ID: #VU113279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38449
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drm_gem_fb_destroy() and drm_gem_fb_init_with_funcs() functions in drivers/gpu/drm/drm_gem_framebuffer_helper.c, within the drm_gem_private_object_fini(), drm_gem_object_exported_dma_buf_free(), drm_gem_object_handle_put_unlocked() and drm_gem_handle_create_tail() functions in drivers/gpu/drm/drm_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
362) Buffer overflow
EUVDB-ID: #VU113329
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38451
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the md_bitmap_get_stats() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
363) Input validation error
EUVDB-ID: #VU113295
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38455
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sev_check_source_vcpus() function in arch/x86/kvm/svm/sev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
364) Buffer overflow
EUVDB-ID: #VU113304
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38456
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ipmi_create_user() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
365) Improper error handling
EUVDB-ID: #VU113300
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38457
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the qdisc_leaf(), tc_get_qdisc() and NL_SET_ERR_MSG() functions in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
366) NULL pointer dereference
EUVDB-ID: #VU113261
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38458
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the atmarpd_close() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
367) Improper locking
EUVDB-ID: #VU113278
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38459
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clip_mkip() function in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
368) NULL pointer dereference
EUVDB-ID: #VU113260
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38460
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the DEFINE_MUTEX(), to_atmarpd(), atmarpd_close() and atm_init_atmarp() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
369) Improper locking
EUVDB-ID: #VU113277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38461
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL_GPL() and vsock_assign_transport() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
370) NULL pointer dereference
EUVDB-ID: #VU113259
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38462
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vsock_assign_transport() and vsock_dev_do_ioctl() functions in net/vmw_vsock/af_vsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
371) Buffer overflow
EUVDB-ID: #VU113305
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38463
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the net/ipv4/tcp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
372) Use-after-free
EUVDB-ID: #VU113243
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38464
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_topsrv_stop() function in net/tipc/topsrv.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
373) Buffer overflow
EUVDB-ID: #VU113331
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38465
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the netlink_skb_set_owner_r(), netlink_alloc_large_skb(), netlink_unicast_kernel(), EXPORT_SYMBOL_GPL() and netlink_dump() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
374) Buffer overflow
EUVDB-ID: #VU113318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38466
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the perf_uprobe_event_init() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
375) NULL pointer dereference
EUVDB-ID: #VU113258
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38467
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the decon_irq_handler() function in drivers/gpu/drm/exynos/exynos7_drm_decon.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
376) NULL pointer dereference
EUVDB-ID: #VU113389
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38468
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the htb_lookup_leaf() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
377) Resource management error
EUVDB-ID: #VU113408
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38469
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kvm_xen_schedop_poll() function in arch/x86/kvm/xen.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
378) Memory leak
EUVDB-ID: #VU113369
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38470
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __vlan_device_event() and vlan_device_event() functions in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
379) Use-after-free
EUVDB-ID: #VU113370
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38471
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_strp_read_sock() function in net/tls/tls_strp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
380) Use-after-free
EUVDB-ID: #VU113372
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38472
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_ct_resolve_clash_harder(), __nf_conntrack_confirm() and __nf_conntrack_insert_prepare() functions in net/netfilter/nf_conntrack_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
381) Use-after-free
EUVDB-ID: #VU113373
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38473
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_resume_cb() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
382) Input validation error
EUVDB-ID: #VU113411
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38474
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sierra_net_bind() function in drivers/net/usb/sierra_net.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
383) Use-after-free
EUVDB-ID: #VU113375
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38476
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpl_do_srh_inline() function in net/ipv6/rpl_iptunnel.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
384) Use-after-free
EUVDB-ID: #VU113376
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38477
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qfq_change_class(), qfq_delete_class(), qfq_dump_class() and qfq_dump_class_stats() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
385) Use of uninitialized resource
EUVDB-ID: #VU113402
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38478
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the do_insnlist_ioctl() and do_insn_ioctl() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
386) Use of uninitialized resource
EUVDB-ID: #VU113403
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38480
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the insn_rw_emulate_bits() function in drivers/comedi/drivers.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
387) Resource management error
EUVDB-ID: #VU113406
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38481
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_insnlist_len(), comedi_unlocked_ioctl() and compat_insnlist() functions in drivers/comedi/comedi_fops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
388) Out-of-bounds read
EUVDB-ID: #VU113380
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38482
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das6402_attach() function in drivers/comedi/drivers/das6402.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
389) Out-of-bounds read
EUVDB-ID: #VU113381
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38483
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the das16m1_attach() function in drivers/comedi/drivers/das16m1.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
390) Use-after-free
EUVDB-ID: #VU113378
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38485
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fxls8962af_buffer_predisable() function in drivers/iio/accel/fxls8962af-core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
391) NULL pointer dereference
EUVDB-ID: #VU113393
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38487
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aspeed_lpc_enable_snoop() and aspeed_lpc_disable_snoop() functions in drivers/soc/aspeed/aspeed-lpc-snoop.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
392) Use-after-free
EUVDB-ID: #VU113379
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38488
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the crypt_message() function in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
393) Improper locking
EUVDB-ID: #VU98995
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50047
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SMB2_negotiate() function in fs/smb/client/smb2pdu.c, within the smb2_get_enc_key(), crypt_message(), smb3_init_transform_rq() and decrypt_raw_data() functions in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
394) NULL pointer dereference
EUVDB-ID: #VU113396
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38489
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_jit_plt() function in arch/s390/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
395) Double free
EUVDB-ID: #VU113399
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38490
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the wx_dma_sync_frag(), wx_put_rx_buffer() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
396) Input validation error
EUVDB-ID: #VU113398
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38491
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the subflow_finish_connect(), WRITE_ONCE(), __mptcp_subflow_connect() and subflow_state_change() functions in net/mptcp/subflow.c, within the mptcp_check_data_fin(), __mptcp_finish_join(), mptcp_update_infinite_map(), mptcp_check_fastclose(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the check_fully_established() function in net/mptcp/options.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
397) Out-of-bounds read
EUVDB-ID: #VU113385
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38493
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __timerlat_dump_stack() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
398) Buffer overflow
EUVDB-ID: #VU113407
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38494
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __hid_request() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
399) Incorrect calculation
EUVDB-ID: #VU113410
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38495
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
400) Improper locking
EUVDB-ID: #VU113397
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38496
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __evict_many() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
401) Out-of-bounds read
EUVDB-ID: #VU113387
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38497
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the webusb_landingPage_store() and os_desc_qw_sign_store() functions in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
402) Improper privilege management
EUVDB-ID: #VU113806
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38498
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the do_change_type() function in fs/namespace.c. A local user can read and manipulate data.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
403) Input validation error
EUVDB-ID: #VU113807
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38499
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
404) Use-after-free
EUVDB-ID: #VU113902
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38500
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xfrmi_changelink() function in net/xfrm/xfrm_interface_core.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
405) Input validation error
EUVDB-ID: #VU114192
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2025-38501
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the alloc_transport() and ksmbd_kthread_fn() functions in fs/smb/server/transport_tcp.c. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
406) Reachable assertion
EUVDB-ID: #VU114169
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38503
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the populate_free_space_tree() function in fs/btrfs/free-space-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
407) Improper locking
EUVDB-ID: #VU114162
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38510
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the init_task_stack_addr() and print_address_description() functions in mm/kasan/report.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
408) Input validation error
EUVDB-ID: #VU114190
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38512
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
409) Insufficient verification of data authenticity
EUVDB-ID: #VU114098
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-27558
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform spoofing attack.
The vulnerability exists due to insufficient verification of data authenticity in mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP). A remote attacker on the local network can inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames and perform spoofing attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
410) Spoofing attack
EUVDB-ID: #VU53098
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24588
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
411) NULL pointer dereference
EUVDB-ID: #VU114145
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38513
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zd_mac_tx_to_dev() function in drivers/net/wireless/zydas/zd1211rw/zd_mac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
412) Improper error handling
EUVDB-ID: #VU114173
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38514
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the rxrpc_alloc_incoming_call() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
413) Improper locking
EUVDB-ID: #VU114163
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38515
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the include/drm/spsc_queue.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
414) Input validation error
EUVDB-ID: #VU114167
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38516
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the msm_gpio_needs_dual_edge_parent_workaround() and msm_gpio_init() functions in drivers/pinctrl/qcom/pinctrl-msm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
415) Memory leak
EUVDB-ID: #VU114132
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38520
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the svm_range_split_head(), svm_range_split_by_granularity(), svm_range_add_list_work(), schedule_deferred_list_work(), svm_range_unmap_split(), svm_range_unmap_from_cpu() and svm_range_cpu_invalidate_pagetables() functions in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
416) Improper locking
EUVDB-ID: #VU114150
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38524
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rxrpc_see_call() and release_sock() functions in net/rxrpc/recvmsg.c, within the rxrpc_discard_prealloc() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
417) NULL pointer dereference
EUVDB-ID: #VU114142
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38526
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_lag_is_switchdev_running() function in drivers/net/ethernet/intel/ice/ice_lag.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
418) Use-after-free
EUVDB-ID: #VU114133
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38527
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
419) Resource management error
EUVDB-ID: #VU114181
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38528
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bpf_bprintf_prepare() function in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
420) Out-of-bounds read
EUVDB-ID: #VU114136
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38529
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the aio_iiro_16_attach() function in drivers/comedi/drivers/aio_iiro_16.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
421) Out-of-bounds read
EUVDB-ID: #VU114137
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38530
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the pcl812_attach() function in drivers/comedi/drivers/pcl812.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
422) Improper locking
EUVDB-ID: #VU114151
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38532
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wx_alloc_rx_buffers() and wx_clean_rx_ring() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c, within the wx_configure_rx_ring() function in drivers/net/ethernet/wangxun/libwx/wx_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
423) Use-after-free
EUVDB-ID: #VU114134
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38533
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wx_alloc_mapped_page() and wx_alloc_rx_buffers() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
424) Resource management error
EUVDB-ID: #VU114182
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38535
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tegra186_xusb_padctl_vbus_override(), tegra186_xusb_padctl_id_override() and tegra186_utmi_phy_set_mode() functions in drivers/phy/tegra/xusb-tegra186.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
425) Improper locking
EUVDB-ID: #VU114154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38537
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the phy_probe() and phy_remove() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
426) Buffer overflow
EUVDB-ID: #VU114175
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38538
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nbpf_probe() function in drivers/dma/nbpfaxi.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
427) Improper locking
EUVDB-ID: #VU114155
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38539
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __register_event() and __trace_add_event_dirs() functions in kernel/trace/trace_events.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
428) Input validation error
EUVDB-ID: #VU114188
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38540
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the HID_USB_DEVICE() function in drivers/hid/hid-quirks.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
429) Memory leak
EUVDB-ID: #VU114129
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38542
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atrtr_create() function in net/appletalk/ddp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
430) Improper error handling
EUVDB-ID: #VU114172
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38543
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nvdec_load_falcon_firmware() function in drivers/gpu/drm/tegra/nvdec.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
431) Reachable assertion
EUVDB-ID: #VU114168
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38544
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rxrpc_service_prealloc_one() function in net/rxrpc/call_accept.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
432) Memory leak
EUVDB-ID: #VU114130
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38546
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the atm_init_atmarp() and clip_ioctl() functions in net/atm/clip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
433) Input validation error
EUVDB-ID: #VU114166
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38548
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the DECLARE_BITMAP(), send_usb_cmd() and ccp_raw_event() functions in drivers/hwmon/corsair-cpro.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
434) Input validation error
EUVDB-ID: #VU114189
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38550
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mld_del_delrec() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
435) Improper locking
EUVDB-ID: #VU114157
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38552
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the subflow_sched_work_if_closed() and mptcp_subflow_fail() functions in net/mptcp/subflow.c, within the mptcp_data_ready(), __mptcp_finish_join(), __mptcp_retrans(), __mptcp_init_sock() and mptcp_finish_join() functions in net/mptcp/protocol.c, within the mptcp_pm_mp_fail_received() function in net/mptcp/pm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
436) Improper locking
EUVDB-ID: #VU114278
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38553
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_attr() and netem_change() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
437) Use-after-free
EUVDB-ID: #VU114242
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38555
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the composite_os_desc_req_prepare() function in drivers/usb/gadget/composite.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
438) Input validation error
EUVDB-ID: #VU114279
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38560
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the early_set_pages_state() function in arch/x86/kernel/sev.c, within the setup_cpuid_table() and pvalidate_pages() functions in arch/x86/kernel/sev-shared.c, within the get_cpuflags() function in arch/x86/boot/cpuflags.c, within the __page_state_change() function in arch/x86/boot/compressed/sev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
439) Race condition
EUVDB-ID: #VU114290
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-38561
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to a race condition within the smb2_sess_setup() function in fs/smb/server/smb2pdu.c when handling the Preauth_HashValue field. A remote user can execute arbitrary code in the context of the kernel.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
440) NULL pointer dereference
EUVDB-ID: #VU114271
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-38562
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the krb5_authenticate() function in fs/smb/server/smb2pdu.c. A remote user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
441) Memory leak
EUVDB-ID: #VU114234
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38563
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
442) Memory leak
EUVDB-ID: #VU114236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38565
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() and vm_flags_set() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
443) Resource management error
EUVDB-ID: #VU114292
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38566
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
444) Out-of-bounds read
EUVDB-ID: #VU114255
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38568
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mqprio_parse_opt() function in net/sched/sch_mqprio.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
445) Improper locking
EUVDB-ID: #VU114275
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38569
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the be_cmd_set_mac_list() function in drivers/net/ethernet/emulex/benet/be_cmds.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
446) Incorrect calculation
EUVDB-ID: #VU114294
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38571
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the xs_alloc_sparse_pages(), xs_sock_process_cmsg(), xs_sock_recvmsg() and xs_read_discard() functions in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
447) Integer overflow
EUVDB-ID: #VU114283
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38572
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
448) Use of uninitialized resource
EUVDB-ID: #VU114280
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38574
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the pptp_xmit() function in drivers/net/ppp/pptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
449) Infinite loop
EUVDB-ID: #VU114286
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38576
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the eeh_bridge_check_link() function in arch/powerpc/kernel/eeh_pe.c, within the eeh_pe_report_edev(), eeh_pe_report(), eeh_dev_restore_state(), eeh_reset_device(), eeh_handle_normal_event(), eeh_pe_state_clear(), eeh_clear_slot_attention() and eeh_handle_special_event() functions in arch/powerpc/kernel/eeh_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
450) Use-after-free
EUVDB-ID: #VU114244
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38577
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_update_inode_page() function in fs/f2fs/inode.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
451) Use-after-free
EUVDB-ID: #VU114245
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38578
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fs/f2fs/inode.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
452) Use of uninitialized resource
EUVDB-ID: #VU114281
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38579
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the f2fs_init_read_extent_tree() function in fs/f2fs/extent_cache.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
453) NULL pointer dereference
EUVDB-ID: #VU114270
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38581
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ccp5_debugfs_setup() function in drivers/crypto/ccp/ccp-debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
454) NULL pointer dereference
EUVDB-ID: #VU114269
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38583
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xvcu_unregister_clock_provider() function in drivers/clk/xilinx/xlnx_vcu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
455) Infinite loop
EUVDB-ID: #VU114287
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38587
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the fib6_info_uses_dev() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
456) Infinite loop
EUVDB-ID: #VU114288
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38588
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rt6_nh_nlmsg_size() function in net/ipv6/route.c, within the WRITE_ONCE() and fib6_del_route() functions in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
457) NULL pointer dereference
EUVDB-ID: #VU114258
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38590
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_ipsec_offload_handle_rx_skb() function in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
458) Improper locking
EUVDB-ID: #VU114277
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38601
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in drivers/net/wireless/ath/ath11k/hal.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
459) NULL pointer dereference
EUVDB-ID: #VU114265
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38602
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the iwl_bg_restart(), iwl_setup_deferred_work(), iwl_op_mode_dvm_start() and iwl_cancel_deferred_work() functions in drivers/net/wireless/intel/iwlwifi/dvm/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
460) NULL pointer dereference
EUVDB-ID: #VU114263
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38604
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtl8187_stop() function in drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
461) Use of uninitialized resource
EUVDB-ID: #VU114282
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38608
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
462) NULL pointer dereference
EUVDB-ID: #VU114260
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38609
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the devfreq_remove_governor() function in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
463) NULL pointer dereference
EUVDB-ID: #VU114259
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38610
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_pd_power_uw() function in drivers/powercap/dtpm_cpu.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
464) Memory leak
EUVDB-ID: #VU114240
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38612
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fbtft_framebuffer_alloc() function in drivers/staging/fbtft/fbtft-core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
465) Input validation error
EUVDB-ID: #VU114297
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38615
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ntfs_rename() function in fs/ntfs3/namei.c, within the ni_add_name() and ni_rename() functions in fs/ntfs3/frecord.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
466) Improper locking
EUVDB-ID: #VU114533
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38617
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the packet_set_ring() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
467) Use-after-free
EUVDB-ID: #VU114500
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38618
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
468) Improper error handling
EUVDB-ID: #VU114537
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38622
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the include/net/udp.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
469) Improper error handling
EUVDB-ID: #VU114538
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38623
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pnv_php_set_attention_state(), pnv_php_enable() and pnv_php_enable_msix() functions in drivers/pci/hotplug/pnv_php.c, within the pci_hp_add_devices() function in arch/powerpc/kernel/pci-hotplug.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
470) Memory leak
EUVDB-ID: #VU114493
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38624
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pnv_php_register(), pnv_php_disable_irq(), pnv_php_free_slot(), pnv_php_reset_slot(), pnv_php_disable_slot(), pnv_php_alloc_slot() and pnv_php_init_irq() functions in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
471) Resource management error
EUVDB-ID: #VU114549
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38625
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pds_vfio_ops_info() function in drivers/vfio/pci/pds/vfio_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
472) Improper error handling
EUVDB-ID: #VU114536
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38626
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_map_blocks() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
473) NULL pointer dereference
EUVDB-ID: #VU114523
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38630
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imxfb_probe() function in drivers/video/fbdev/imxfb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
474) NULL pointer dereference
EUVDB-ID: #VU114522
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38632
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pin_free() function in drivers/pinctrl/pinmux.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
475) NULL pointer dereference
EUVDB-ID: #VU114521
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38634
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cpcap_usb_detect() function in drivers/power/supply/cpcap-charger.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
476) NULL pointer dereference
EUVDB-ID: #VU114520
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38635
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the davinci_lpsc_clk_register() function in drivers/clk/davinci/psc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
477) Out-of-bounds read
EUVDB-ID: #VU114506
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38639
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfacct_mt_checkentry() function in net/netfilter/xt_nfacct.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
478) Improper locking
EUVDB-ID: #VU114529
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38640
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_hook_run_bpf() function in net/netfilter/nf_bpf_link.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
479) Use of uninitialized resource
EUVDB-ID: #VU114540
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38644
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_tdls_oper() function in net/mac80211/tdls.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
480) NULL pointer dereference
EUVDB-ID: #VU114518
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38645
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_init_once() function in drivers/net/ethernet/mellanox/mlx5/core/main.c, within the mlx5_dm_create() and kfree() functions in drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c, within the handle_alloc_dm_memic() function in drivers/infiniband/hw/mlx5/dm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
481) NULL pointer dereference
EUVDB-ID: #VU114517
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38646
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw89_core_cancel_6ghz_probe_tx() function in drivers/net/wireless/realtek/rtw89/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
482) NULL pointer dereference
EUVDB-ID: #VU114516
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38648
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stm32_spi_probe() function in drivers/spi/spi-stm32.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
483) Improper locking
EUVDB-ID: #VU114528
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38650
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfsplus_free_extents() function in fs/hfsplus/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
484) Out-of-bounds read
EUVDB-ID: #VU114503
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38652
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
485) Use-after-free
EUVDB-ID: #VU114496
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38653
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_reg_open() function in fs/proc/inode.c, within the pde_set_flags() function in fs/proc/generic.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
486) Use-after-free
EUVDB-ID: #VU114495
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38659
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the signal_our_withdraw() function in fs/gfs2/util.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
487) Input validation error
EUVDB-ID: #VU114534
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38663
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __nilfs_read_inode() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
488) NULL pointer dereference
EUVDB-ID: #VU114514
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38664
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_copy_and_init_pkg() function in drivers/net/ethernet/intel/ice/ice_ddp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
489) NULL pointer dereference
EUVDB-ID: #VU114513
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38665
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the can_changelink() function in drivers/net/can/dev/netlink.c, within the can_change_state(), can_restart() and can_restart_now() functions in drivers/net/can/dev/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
490) Use-after-free
EUVDB-ID: #VU114494
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38666
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_RWLOCK(), __aarp_expire(), aarp_purge() and aarp_proxy_probe_network() functions in net/appletalk/aarp.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
491) NULL pointer dereference
EUVDB-ID: #VU114512
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38668
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the regulator_remove_coupling() function in drivers/regulator/core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
492) Improper error handling
EUVDB-ID: #VU114535
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38670
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the SYM_CODE_END(), SYM_FUNC_START() and NOKPROBE() functions in arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
493) Infinite loop
EUVDB-ID: #VU114543
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38671
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the qup_i2c_bus_active() function in drivers/i2c/busses/i2c-qup.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
494) Resource management error
EUVDB-ID: #VU114962
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39702
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the seg6_hmac_validate_skb() function in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
495) Use-after-free
EUVDB-ID: #VU114909
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39711
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mei_csi_remove() function in drivers/media/pci/intel/ivsc/mei_csi.c, within the mei_ace_remove() function in drivers/media/pci/intel/ivsc/mei_ace.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
496) Buffer overflow
EUVDB-ID: #VU114959
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39726
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ism_cmd() and ism_probe() functions in drivers/s390/net/ism_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
497) Input validation error
EUVDB-ID: #VU114967
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39730
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_fh_to_dentry() function in fs/nfs/export.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
498) Improper error handling
EUVDB-ID: #VU114948
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39731
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_read_end_io() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
499) Improper locking
EUVDB-ID: #VU114940
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39734
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ntfs_file_mmap() function in fs/ntfs3/file.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
500) Input validation error
EUVDB-ID: #VU115505
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39746
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath10k_wmi_cmd_send() function in drivers/net/wireless/ath/ath10k/wmi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
501) Double free
EUVDB-ID: #VU115511
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39790
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
502) Improper locking
EUVDB-ID: #VU115696
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39833
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hfcpci_softirq() and HFC_init() functions in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
503) Use-after-free
EUVDB-ID: #VU115974
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39866
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
504) Memory leak
EUVDB-ID: #VU107646
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-39989
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the error_context() function in arch/x86/kernel/cpu/mce/severity.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 23
kernel-64k-devel: before 6.6.102-5
kernel-64k-debug-devel: before 6.6.102-5
kernel-64k-debug: before 6.6.102-5
kernel-64k: before 6.6.102-5
python3-perf: before 6.6.102-5
perf: before 6.6.102-5
kernel-tools-libs-devel: before 6.6.102-5
kernel-tools-libs: before 6.6.102-5
kernel-tools: before 6.6.102-5
kernel-headers: before 6.6.102-5
kernel-devel: before 6.6.102-5
kernel-debug-devel: before 6.6.102-5
kernel-debug: before 6.6.102-5
kernel: before 6.6.102-5
bpftool: before 6.6.102-5
CPE2.3- cpe:2.3:o:openanolis:anolis_os:23:*:*:*:*:*:*:*
- cpe:2.3:a:openanolis:kernel-64k-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-64k:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:python3-perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:perf:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-tools:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-headers:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel-debug:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:kernel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:a:openanolis:bpftool:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
