SB20251031131 - openEuler 22.03 LTS SP3 update for kernel

Main Vulnerability Database SB20251031131

SB20251031131 - openEuler 22.03 LTS SP3 update for kernel

Published: October 31, 2025

Security Bulletin ID SB20251031131

Severity

Low

Patch available

YES

Number of vulnerabilities 30

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 30 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2022-50306)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ext4_fc_replay_cleanup(), ext4_fc_replay_scan() and ext4_fc_replay() functions in fs/ext4/fast_commit.c. A local user can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2023-4244)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

3) Buffer overflow (CVE-ID: CVE-2023-53454)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mt_post_parse() and mt_input_configured() functions in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.

4) Improper locking (CVE-ID: CVE-2023-53615)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qlt_free_session_done() and qlt_unreg_sess() functions in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

5) Out-of-bounds read (CVE-ID: CVE-2023-53675)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ses_enclosure_data_process() function in drivers/scsi/ses.c. A local user can perform a denial of service (DoS) attack.

6) Buffer overflow (CVE-ID: CVE-2023-53711)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nfs_file_direct_read() function in fs/nfs/direct.c. A local user can perform a denial of service (DoS) attack.

7) Out-of-bounds read (CVE-ID: CVE-2023-53722)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the raid1_remove_disk() function in drivers/md/raid1.c. A local user can perform a denial of service (DoS) attack.

8) Improper locking (CVE-ID: CVE-2023-53728)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the posix_timer_by_id() function in kernel/time/posix-timers.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2024-50210)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

10) Use-after-free (CVE-ID: CVE-2024-53168)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xs_create_sock() function in net/sunrpc/xprtsock.c, within the svc_create_socket() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.

11) Out-of-bounds read (CVE-ID: CVE-2024-53214)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.

12) Use-after-free (CVE-ID: CVE-2024-56602)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee802154_create() function in net/ieee802154/socket.c. A local user can escalate privileges on the system.

13) Out-of-bounds read (CVE-ID: CVE-2024-56616)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drm_dp_decode_sideband_msg_hdr() function in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.

14) Resource management error (CVE-ID: CVE-2024-57904)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the at91_ts_register() function in drivers/iio/adc/at91_adc.c. A local user can perform a denial of service (DoS) attack.

15) Memory leak (CVE-ID: CVE-2024-57906)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ads8688_trigger_handler() function in drivers/iio/adc/ti-ads8688.c. A local user can perform a denial of service (DoS) attack.

16) Improper privilege management (CVE-ID: CVE-2024-57931)

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the services_compute_xperms_decision() function in security/selinux/ss/services.c. A local user can read and manipulate data.

17) NULL pointer dereference (CVE-ID: CVE-2024-58052)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the atomctrl_get_smc_sclk_range_table() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c. A local user can perform a denial of service (DoS) attack.

18) Use-after-free (CVE-ID: CVE-2024-58093)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.

19) Resource management error (CVE-ID: CVE-2024-58237)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the subprog_tc() function in tools/testing/selftests/bpf/progs/tc_bpf2bpf.c, within the bpf_helper_changes_pkt_data() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

20) Infinite loop (CVE-ID: CVE-2025-21665)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the folio_seek_hole_data() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

21) Out-of-bounds read (CVE-ID: CVE-2025-21772)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mac_partition() function in block/partitions/mac.c. A local user can perform a denial of service (DoS) attack.

22) Input validation error (CVE-ID: CVE-2025-21802)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hclgevf_init() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c, within the module_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c, within the EXPORT_SYMBOL() function in drivers/net/ethernet/hisilicon/hns3/hnae3.c. A local user can perform a denial of service (DoS) attack.

23) Use-after-free (CVE-ID: CVE-2025-23142)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sctp_transport_free() function in net/sctp/transport.c, within the sctp_writeable(), sctp_sendmsg_to_asoc(), sctp_sock_rfree() and sctp_wait_for_sndbuf() functions in net/sctp/socket.c. A local user can escalate privileges on the system.

24) Input validation error (CVE-ID: CVE-2025-37823)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hfsc_dequeue() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.

25) Use-after-free (CVE-ID: CVE-2025-37915)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_is_active() and drr_enqueue() functions in net/sched/sch_drr.c. A local user can escalate privileges on the system.

26) NULL pointer dereference (CVE-ID: CVE-2025-37992)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_change() function in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.

27) Use-after-free (CVE-ID: CVE-2025-38724)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_setclientid_confirm() function in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.

28) Input validation error (CVE-ID: CVE-2025-39898)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the e1000_set_eeprom() function in drivers/net/ethernet/intel/e1000e/ethtool.c. A local user can perform a denial of service (DoS) attack.

29) Input validation error (CVE-ID: CVE-2025-39971)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_vc_config_queues_msg() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

30) Buffer overflow (CVE-ID: CVE-2025-39998)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the target_lu_gp_members_show() function in drivers/target/target_core_configfs.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2554

Vulnerable Software

openEuler: 22.03 LTS SP3
python3-perf-debuginfo: before 5.10.0-287.0.0.189
python3-perf: before 5.10.0-287.0.0.189
perf-debuginfo: before 5.10.0-287.0.0.189
perf: before 5.10.0-287.0.0.189
kernel-tools-devel: before 5.10.0-287.0.0.189
kernel-tools-debuginfo: before 5.10.0-287.0.0.189
kernel-tools: before 5.10.0-287.0.0.189
kernel-source: before 5.10.0-287.0.0.189
kernel-headers: before 5.10.0-287.0.0.189
kernel-devel: before 5.10.0-287.0.0.189
kernel-debugsource: before 5.10.0-287.0.0.189
kernel-debuginfo: before 5.10.0-287.0.0.189
kernel: before 5.10.0-287.0.0.189