SB20251031133 - openEuler 20.03 LTS SP4 update for kernel
Published: October 31, 2025 Updated: February 6, 2026
Description
This security bulletin contains information about 26 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2022-50405)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in net/ipv4/udp_tunnel.c. A local user can perform a denial of service (DoS) attack.
2) Input validation error (CVE-ID: CVE-2022-50470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the xhci_free_virt_device() function in drivers/usb/host/xhci-mem.c. A local user can perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2022-50494)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the start_power_clamp() function in drivers/thermal/intel_powerclamp.c. A local user can perform a denial of service (DoS) attack.
4) Memory leak (CVE-ID: CVE-2022-50505)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ppr_notifier() function in drivers/iommu/amd/iommu_v2.c. A local user can perform a denial of service (DoS) attack.
5) Memory leak (CVE-ID: CVE-2022-50544)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the xhci_alloc_stream_info() function in drivers/usb/host/xhci-mem.c. A local user can perform a denial of service (DoS) attack.
6) Memory leak (CVE-ID: CVE-2022-50566)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the add_mtd_device() function in drivers/mtd/mtdcore.c. A local user can perform a denial of service (DoS) attack.
7) Out-of-bounds write (CVE-ID: CVE-2023-53265)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the io_init() function in drivers/mtd/ubi/build.c. A local user can execute arbitrary code.
8) Buffer overflow (CVE-ID: CVE-2023-53271)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ubi_resize_volume() function in drivers/mtd/ubi/vmt.c. A local user can perform a denial of service (DoS) attack.
9) Resource management error (CVE-ID: CVE-2023-53296)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the sctp_sendmsg_to_asoc() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.
10) Buffer overflow (CVE-ID: CVE-2023-53372)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the sctp_generate_iftsn() function in net/sctp/stream_interleave.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2023-53384)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mwifiex_handle_uap_rx_forward() function in drivers/net/wireless/marvell/mwifiex/uap_txrx.c. A local user can perform a denial of service (DoS) attack.
12) Buffer overflow (CVE-ID: CVE-2023-53453)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the radeon_atombios_fini() function in drivers/gpu/drm/radeon/radeon_device.c. A local user can perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2023-53481)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the wear_leveling_worker() and ubi_wl_put_peb() functions in drivers/mtd/ubi/wl.c. A local user can perform a denial of service (DoS) attack.
14) Buffer overflow (CVE-ID: CVE-2023-53515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtio_mmio_release_dev() and virtio_mmio_probe() functions in drivers/virtio/virtio_mmio.c. A local user can perform a denial of service (DoS) attack.
15) Memory leak (CVE-ID: CVE-2023-53567)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the spi_qup_remove() function in drivers/spi/spi-qup.c. A local user can perform a denial of service (DoS) attack.
16) Memory leak (CVE-ID: CVE-2023-53604)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the dm_integrity_init() function in drivers/md/dm-integrity.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2023-53648)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the snd_ac97_mixer() function in sound/pci/ac97/ac97_codec.c. A local user can perform a denial of service (DoS) attack.
18) NULL pointer dereference (CVE-ID: CVE-2023-53681)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the __bch_btree_node_alloc() function in drivers/md/bcache/btree.c. A local user can perform a denial of service (DoS) attack.
19) Memory leak (CVE-ID: CVE-2023-53719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the arc_serial_probe() function in drivers/tty/serial/arc_uart.c. A local user can perform a denial of service (DoS) attack.
20) Improper locking (CVE-ID: CVE-2023-53728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the posix_timer_by_id() function in kernel/time/posix-timers.c. A local user can perform a denial of service (DoS) attack.
21) Use-after-free (CVE-ID: CVE-2024-53168)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xs_create_sock() function in net/sunrpc/xprtsock.c and within the svc_create_socket() function in net/sunrpc/svcsock.c. A local user can escalate privileges on the system.
22) Use-after-free (CVE-ID: CVE-2025-38180)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lec_itf_walk(), lec_seq_start() and lec_seq_stop() functions in net/atm/lec.c. A local user can escalate privileges on the system.
23) Race condition (CVE-ID: CVE-2025-38352)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.
Note: the vulnerability is being actively exploited in the wild against Android devices.
24) Out-of-bounds read (CVE-ID: CVE-2025-38729)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_uac3_feature_unit() and FUNC() functions in sound/usb/validate.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2025-39676)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the qla4xxx_get_ep_fwdb() function in drivers/scsi/qla4xxx/ql4_os.c. A local user can perform a denial of service (DoS) attack.
26) Buffer overflow (CVE-ID: CVE-2025-39817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the efivarfs_d_compare() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.