SB20251031130 - openEuler 22.03 LTS SP4 update for kernel

Main Vulnerability Database SB20251031130

SB20251031130 - openEuler 22.03 LTS SP4 update for kernel

Published: October 31, 2025

Security Bulletin ID SB20251031130

Severity

Low

Patch available

YES

Number of vulnerabilities 24

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 24 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2022-50306)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ext4_fc_replay_cleanup(), ext4_fc_replay_scan() and ext4_fc_replay() functions in fs/ext4/fast_commit.c. A local user can perform a denial of service (DoS) attack.

2) Improper locking (CVE-ID: CVE-2023-53728)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the posix_timer_by_id() function in kernel/time/posix-timers.c. A local user can perform a denial of service (DoS) attack.

3) Improper locking (CVE-ID: CVE-2024-50210)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

4) Use-after-free (CVE-ID: CVE-2024-53168)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.

5) Out-of-bounds read (CVE-ID: CVE-2024-53214)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.

6) Use-after-free (CVE-ID: CVE-2024-56602)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee802154_create() function in net/ieee802154/socket.c. A local user can escalate privileges on the system.

7) Out-of-bounds read (CVE-ID: CVE-2024-56616)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drm_dp_decode_sideband_msg_hdr() function in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.

8) Resource management error (CVE-ID: CVE-2024-57904)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the at91_ts_register() function in drivers/iio/adc/at91_adc.c. A local user can perform a denial of service (DoS) attack.

9) Memory leak (CVE-ID: CVE-2024-57906)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ads8688_trigger_handler() function in drivers/iio/adc/ti-ads8688.c. A local user can perform a denial of service (DoS) attack.

10) Improper privilege management (CVE-ID: CVE-2024-57931)

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the services_compute_xperms_decision() function in security/selinux/ss/services.c. A local user can read and manipulate data.

11) NULL pointer dereference (CVE-ID: CVE-2024-58052)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the atomctrl_get_smc_sclk_range_table() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

12) Use-after-free (CVE-ID: CVE-2024-58093)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.

13) Resource management error (CVE-ID: CVE-2024-58237)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the subprog_tc() function in tools/testing/selftests/bpf/progs/tc_bpf2bpf.c, within the bpf_helper_changes_pkt_data() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

14) Infinite loop (CVE-ID: CVE-2025-21665)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the folio_seek_hole_data() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

15) Out-of-bounds read (CVE-ID: CVE-2025-21772)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mac_partition() function in block/partitions/mac.c. A local user can perform a denial of service (DoS) attack.

16) Input validation error (CVE-ID: CVE-2025-21802)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hclgevf_init() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c, within the module_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c, within the EXPORT_SYMBOL() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.

17) Use-after-free (CVE-ID: CVE-2025-23142)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sctp_transport_free() function in net/sctp/transport.c, within the sctp_writeable(), sctp_sendmsg_to_asoc(), sctp_sock_rfree() and sctp_wait_for_sndbuf() functions in net/sctp/socket.c. A local user can escalate privileges on the system.

18) Input validation error (CVE-ID: CVE-2025-37823)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.

19) Use-after-free (CVE-ID: CVE-2025-37915)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.

20) NULL pointer dereference (CVE-ID: CVE-2025-37992)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_change() function in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.

21) Use-after-free (CVE-ID: CVE-2025-38724)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_setclientid_confirm() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.

22) Input validation error (CVE-ID: CVE-2025-39898)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the e1000_set_eeprom() function in drivers/net/ethernet/intel/e1000e/ethtool.c. A local user can perform a denial of service (DoS) attack.

23) Input validation error (CVE-ID: CVE-2025-39971)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_vc_config_queues_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

24) Buffer overflow (CVE-ID: CVE-2025-39998)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the target_lu_gp_members_show() function in drivers/target/target_core_configfs.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2555

Vulnerable Software

openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-287.0.0.190
python3-perf: before 5.10.0-287.0.0.190
perf-debuginfo: before 5.10.0-287.0.0.190
perf: before 5.10.0-287.0.0.190
kernel-tools-devel: before 5.10.0-287.0.0.190
kernel-tools-debuginfo: before 5.10.0-287.0.0.190
kernel-tools: before 5.10.0-287.0.0.190
kernel-source: before 5.10.0-287.0.0.190
kernel-headers: before 5.10.0-287.0.0.190
kernel-devel: before 5.10.0-287.0.0.190
kernel-debugsource: before 5.10.0-287.0.0.190
kernel-debuginfo: before 5.10.0-287.0.0.190
bpftool-debuginfo: before 5.10.0-287.0.0.190
bpftool: before 5.10.0-287.0.0.190
kernel: before 5.10.0-287.0.0.190