SB2025112230 - openEuler 24.03 LTS update for kernel
Published: November 22, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 34 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2025-23140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_endpoint_test_release_irq() function in drivers/misc/pci_endpoint_test.c. A local user can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2025-38059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scrub_find_fill_first_stripe() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.
3) Improper locking (CVE-ID: CVE-2025-38132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cscfg_remove_owned_csdev_configs() function in drivers/hwtracing/coresight/coresight-syscfg.c. A local user can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2025-38155)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7915_mmio_wed_init() function in drivers/net/wireless/mediatek/mt76/mt7915/mmio.c. A local user can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2025-38167)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the indx_get_entry_to_replace() function in fs/ntfs3/index.c. A local user can perform a denial of service (DoS) attack.
6) Double free (CVE-ID: CVE-2025-38206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the exfat_free_upcase_table() function in fs/exfat/nls.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2025-38326)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aoedev_downdev() function in drivers/block/aoe/aoedev.c. A local user can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2025-38348)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the p54_rx_eeprom_readback() function in drivers/net/wireless/intersil/p54/txrx.c, within the p54_download_eeprom() function in drivers/net/wireless/intersil/p54/fwio.c. A local user can perform a denial of service (DoS) attack.
9) Improper locking (CVE-ID: CVE-2025-38640)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_hook_run_bpf() function in net/netfilter/nf_bpf_link.c. A local user can perform a denial of service (DoS) attack.
10) NULL pointer dereference (CVE-ID: CVE-2025-38696)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mips_stack_top() function in arch/mips/kernel/process.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2025-38718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sctp_rcv() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2025-38734)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_listen_work() function in net/smc/af_smc.c. A local user can escalate privileges on the system.
13) NULL pointer dereference (CVE-ID: CVE-2025-39693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_connector_atomic_check() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2025-39711)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mei_csi_remove() function in drivers/media/pci/intel/ivsc/mei_csi.c, within the mei_ace_remove() function in drivers/media/pci/intel/ivsc/mei_ace.c. A local user can escalate privileges on the system.
15) Input validation error (CVE-ID: CVE-2025-39716)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/parisc/include/asm/uaccess.h. A local user can perform a denial of service (DoS) attack.
16) Out-of-bounds read (CVE-ID: CVE-2025-39719)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ARRAY_SIZE() and bno055_get_regmask() functions in drivers/iio/imu/bno055/bno055.c. A local user can perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2025-39726)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ism_cmd() and ism_probe() functions in drivers/s390/net/ism_drv.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2025-39767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the module_emit_plt_entry() function in arch/loongarch/kernel/module-sections.c. A local user can perform a denial of service (DoS) attack.
19) Resource management error (CVE-ID: CVE-2025-39781)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the flush_cache_vmap() function in arch/parisc/kernel/cache.c. A local user can perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2025-39794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tegra_cpu_reset_handler_enable() function in arch/arm/mach-tegra/reset.c. A local user can perform a denial of service (DoS) attack.
21) Resource management error (CVE-ID: CVE-2025-39808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ntrig_report_version() function in drivers/hid/hid-ntrig.c. A local user can perform a denial of service (DoS) attack.
22) NULL pointer dereference (CVE-ID: CVE-2025-39842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_clear_inode() function in fs/ocfs2/inode.c. A local user can perform a denial of service (DoS) attack.
23) NULL pointer dereference (CVE-ID: CVE-2025-39846)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __iodyn_find_io_region() function in drivers/pcmcia/rsrc_iodyn.c. A local user can perform a denial of service (DoS) attack.
24) Use-after-free (CVE-ID: CVE-2025-39861)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __vhci_create_device(), vhci_open() and vhci_release() functions in drivers/bluetooth/hci_vhci.c. A local user can escalate privileges on the system.
25) Use-after-free (CVE-ID: CVE-2025-39863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_btcoex_detach() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/btcoex.c. A local user can escalate privileges on the system.
26) Input validation error (CVE-ID: CVE-2025-39909)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the damon_lru_sort_apply_parameters() function in mm/damon/lru_sort.c. A local user can perform a denial of service (DoS) attack.
27) Division by zero (CVE-ID: CVE-2025-39916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the damon_reclaim_apply_parameters() function in mm/damon/reclaim.c. A local user can perform a denial of service (DoS) attack.
28) NULL pointer dereference (CVE-ID: CVE-2025-39934)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the anx7625_i2c_probe() function in drivers/gpu/drm/bridge/analogix/anx7625.c. A local user can perform a denial of service (DoS) attack.
29) Buffer overflow (CVE-ID: CVE-2025-39952)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/net/wireless/microchip/wilc1000/wlan_cfg.h. A local user can escalate privileges on the system.
30) Improper locking (CVE-ID: CVE-2025-40038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the svm_vcpu_pre_run() function in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2025-40119)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_discard_work() function in fs/ext4/mballoc.c. A local user can escalate privileges on the system.
32) Out-of-bounds read (CVE-ID: CVE-2025-40157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the i10nm_check_ecc() and i10nm_get_dimm_config() functions in drivers/edac/i10nm_base.c. A local user can perform a denial of service (DoS) attack.
33) Resource management error (CVE-ID: CVE-2025-40196)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dqput() and dquot_init() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
34) Input validation error (CVE-ID: CVE-2025-40207)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/media/v4l2-subdev.h. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.