Main Vulnerability Database SB2025111481

SB2025111481 - openEuler 20.03 LTS SP4 update for kernel

Published: November 14, 2025

Security Bulletin ID SB2025111481

Severity

Low

Patch available

YES

Number of vulnerabilities 27

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 27 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2022-50349)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tifm_7xx1_switch_media() function in drivers/misc/tifm_7xx1.c. A local user can perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2022-50352)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hnae_ae_register() function in drivers/net/ethernet/hisilicon/hns/hnae.c. A local user can perform a denial of service (DoS) attack.

3) Race condition (CVE-ID: CVE-2022-50435)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the ext4_seek_data() function in fs/ext4/file.c. A local user can perform a denial of service (DoS) attack.

4) Memory leak (CVE-ID: CVE-2022-50482)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the si_domain_init() and init_dmars() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

5) Memory leak (CVE-ID: CVE-2022-50484)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sync_ep_set_params() function in sound/usb/endpoint.c. A local user can perform a denial of service (DoS) attack.

6) Memory leak (CVE-ID: CVE-2022-50489)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mipi_dsi_remove_device_fn() function in drivers/gpu/drm/drm_mipi_dsi.c. A local user can perform a denial of service (DoS) attack.

7) Memory leak (CVE-ID: CVE-2022-50520)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the radeon_atrm_get_bios() function in drivers/gpu/drm/radeon/radeon_bios.c. A local user can perform a denial of service (DoS) attack.

8) Memory leak (CVE-ID: CVE-2022-50531)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tipc_topsrv_kern_subscr() function in net/tipc/topsrv.c. A local user can perform a denial of service (DoS) attack.

9) Out-of-bounds read (CVE-ID: CVE-2022-50551)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the brcmf_fw_alloc_request() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c. A local user can perform a denial of service (DoS) attack.

10) Use-after-free (CVE-ID: CVE-2022-50552)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the elv_unregister() and elevator_init_mq() functions in block/elevator.c. A local user can escalate privileges on the system.

11) Input validation error (CVE-ID: CVE-2023-53185)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the htc_process_conn_rsp() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.

12) Memory leak (CVE-ID: CVE-2023-53199)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ath9k_hif_usb_rx_stream() function in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

13) Use of uninitialized resource (CVE-ID: CVE-2023-53344)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the bcm_tx_setup() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2023-53427)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the allocate_mr_list() function in fs/cifs/smbdirect.c. A local user can escalate privileges on the system.

15) Use-after-free (CVE-ID: CVE-2023-53446)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.

16) Buffer overflow (CVE-ID: CVE-2023-53454)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the mt_post_parse() and mt_input_configured() functions in drivers/hid/hid-multitouch.c. A local user can perform a denial of service (DoS) attack.

17) Buffer overflow (CVE-ID: CVE-2023-53500)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the xfrmi_xmit() function in net/xfrm/xfrm_interface_core.c. A local user can perform a denial of service (DoS) attack.

18) Out-of-bounds read (CVE-ID: CVE-2023-53582)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the brcmf_c_preinit_dcmds() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c. A local user can perform a denial of service (DoS) attack.

19) Memory leak (CVE-ID: CVE-2023-53641)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ath9k_hif_usb_alloc_tx_urbs() function in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.

20) Out-of-bounds read (CVE-ID: CVE-2023-53675)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ses_enclosure_data_process() function in drivers/scsi/ses.c. A local user can perform a denial of service (DoS) attack.

21) Buffer overflow (CVE-ID: CVE-2023-53676)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the lio_target_nacl_info_show() function in drivers/target/iscsi/iscsi_target_configfs.c. A local user can escalate privileges on the system.

22) Out-of-bounds read (CVE-ID: CVE-2023-53717)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c. A local user can perform a denial of service (DoS) attack.

23) Input validation error (CVE-ID: CVE-2023-53733)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the u32_set_parms() and u32_change() functions in net/sched/cls_u32.c. A local user can perform a denial of service (DoS) attack.

24) NULL pointer dereference (CVE-ID: CVE-2025-39725)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the get_hwpoison_page() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.

25) Improper locking (CVE-ID: CVE-2025-39782)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the jbd2_log_do_checkpoint() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

26) Input validation error (CVE-ID: CVE-2025-39973)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i40e_config_vsi_tx_queue() and i40e_config_vsi_rx_queue() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

27) Use-after-free (CVE-ID: CVE-2025-40044)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2659

Vulnerable Software

openEuler: 20.03 LTS SP4
python3-perf-debuginfo: before 4.19.90-2511.2.0.0351
python3-perf: before 4.19.90-2511.2.0.0351
python2-perf-debuginfo: before 4.19.90-2511.2.0.0351
python2-perf: before 4.19.90-2511.2.0.0351
perf-debuginfo: before 4.19.90-2511.2.0.0351
perf: before 4.19.90-2511.2.0.0351
kernel-tools-devel: before 4.19.90-2511.2.0.0351
kernel-tools-debuginfo: before 4.19.90-2511.2.0.0351
kernel-tools: before 4.19.90-2511.2.0.0351
kernel-source: before 4.19.90-2511.2.0.0351
kernel-devel: before 4.19.90-2511.2.0.0351
kernel-debugsource: before 4.19.90-2511.2.0.0351
kernel-debuginfo: before 4.19.90-2511.2.0.0351
bpftool-debuginfo: before 4.19.90-2511.2.0.0351
bpftool: before 4.19.90-2511.2.0.0351
kernel: before 4.19.90-2511.2.0.0351

SB2025111481 - openEuler 20.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human