SB2025110768 - openEuler 24.03 LTS SP1 update for kernel

Main Vulnerability Database SB2025110768

SB2025110768 - openEuler 24.03 LTS SP1 update for kernel

Published: November 7, 2025

Security Bulletin ID SB2025110768

Severity

Low

Patch available

YES

Number of vulnerabilities 27

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 27 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2025-21991)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the load_microcode_amd() function in arch/x86/kernel/cpu/microcode/amd.c. A local user can perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2025-22093)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dmub_hw_lock_mgr_inbox0_cmd() function in drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c. A local user can perform a denial of service (DoS) attack.

3) Incorrect calculation (CVE-ID: CVE-2025-37998)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the output_userspace() function in net/openvswitch/actions.c. A local user can perform a denial of service (DoS) attack.

4) Out-of-bounds read (CVE-ID: CVE-2025-39685)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the pcl726_attach() function in drivers/comedi/drivers/pcl726.c. A local user can perform a denial of service (DoS) attack.

5) Input validation error (CVE-ID: CVE-2025-39701)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the applicable_image() function in drivers/acpi/pfr_update.c. A local user can perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2025-39725)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the get_hwpoison_page() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.

7) Division by zero (CVE-ID: CVE-2025-39742)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the find_hw_thread_mask() function in drivers/infiniband/hw/hfi1/affinity.c. A local user can perform a denial of service (DoS) attack.

8) Improper locking (CVE-ID: CVE-2025-39782)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the jbd2_log_do_checkpoint() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2025-39832)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h. A local user can perform a denial of service (DoS) attack.

10) Memory leak (CVE-ID: CVE-2025-39847)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pad_compress_skb() and ppp_send_frame() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

11) Use-after-free (CVE-ID: CVE-2025-39860)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.

12) Input validation error (CVE-ID: CVE-2025-39880)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the con_fault_finish() and clear_standby() functions in net/ceph/messenger.c. A local user can perform a denial of service (DoS) attack.

13) Buffer overflow (CVE-ID: CVE-2025-39889)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the l2cap_connect() function in net/bluetooth/l2cap_core.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2025-39945)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cnic_cm_stop_bnx2x_hw() function in drivers/net/ethernet/broadcom/cnic.c. A local user can escalate privileges on the system.

15) Improper error handling (CVE-ID: CVE-2025-39949)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the qed_protection_override_dump() function in drivers/net/ethernet/qlogic/qed/qed_debug.c. A local user can perform a denial of service (DoS) attack.

16) Input validation error (CVE-ID: CVE-2025-39969)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h. A local user can perform a denial of service (DoS) attack.

17) Out-of-bounds read (CVE-ID: CVE-2025-39970)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the i40e_validate_cloud_filter() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

18) Input validation error (CVE-ID: CVE-2025-39972)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_validate_queue_map() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

19) Input validation error (CVE-ID: CVE-2025-39973)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_config_vsi_tx_queue() and i40e_config_vsi_rx_queue() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

20) Use-after-free (CVE-ID: CVE-2025-39977)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the function in kernel/futex/requeue.c. A local user can escalate privileges on the system.

21) Improper locking (CVE-ID: CVE-2025-40006)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the remove_inode_single_folio() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.

22) Improper locking (CVE-ID: CVE-2025-40021)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dyn_event_open() function in kernel/trace/trace_dynevent.c. A local user can perform a denial of service (DoS) attack.

23) NULL pointer dereference (CVE-ID: CVE-2025-40042)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the uprobe_dispatcher() and uretprobe_dispatcher() functions in kernel/trace/trace_uprobe.c. A local user can perform a denial of service (DoS) attack.

24) Resource management error (CVE-ID: CVE-2025-40057)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can perform a denial of service (DoS) attack.

25) Improper locking (CVE-ID: CVE-2025-40071)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gsm_send_packet(), gsm_dlci_open() and gsm_modem_upd_via_msc() functions in drivers/tty/n_gsm.c. A local user can perform a denial of service (DoS) attack.

26) Buffer overflow (CVE-ID: CVE-2025-40081)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the function in drivers/perf/arm_spe_pmu.c. A local user can escalate privileges on the system.

27) Improper error handling (CVE-ID: CVE-2025-40102)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the kvm_arch_vcpu_ioctl() function in arch/arm64/kvm/arm.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2634

Vulnerable Software

openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-115.0.0.119
python3-perf: before 6.6.0-115.0.0.119
perf-debuginfo: before 6.6.0-115.0.0.119
perf: before 6.6.0-115.0.0.119
kernel-tools-devel: before 6.6.0-115.0.0.119
kernel-tools-debuginfo: before 6.6.0-115.0.0.119
kernel-tools: before 6.6.0-115.0.0.119
kernel-source: before 6.6.0-115.0.0.119
kernel-headers: before 6.6.0-115.0.0.119
kernel-devel: before 6.6.0-115.0.0.119
kernel-debugsource: before 6.6.0-115.0.0.119
kernel-debuginfo: before 6.6.0-115.0.0.119
bpftool-debuginfo: before 6.6.0-115.0.0.119
bpftool: before 6.6.0-115.0.0.119
kernel: before 6.6.0-115.0.0.119