Main Vulnerability Database SB2025112818

SB2025112818 - openEuler 22.03 LTS SP4 update for kernel

Published: November 28, 2025 Updated: January 16, 2026

Security Bulletin ID SB2025112818

Severity

Low

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2025-22121)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ext4_xattr_check_block(), __xattr_check_inode(), ext4_xattr_ibody_get(), ext4_xattr_ibody_list(), ext4_get_inode_usage(), ext4_xattr_ibody_find() and sizeof() functions in fs/ext4/xattr.c, within the ext4_iget_extra_inode() function in fs/ext4/inode.c. A local user can escalate privileges on the system.

2) Buffer overflow (CVE-ID: CVE-2025-39751)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the add_tuning_control() function in sound/pci/hda/patch_ca0132.c. A local user can escalate privileges on the system.

3) Input validation error (CVE-ID: CVE-2025-40019)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the essiv_aead_crypt() function in crypto/essiv.c. A local user can perform a denial of service (DoS) attack.

4) Memory leak (CVE-ID: CVE-2025-40183)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __bpf_redirect_neigh_v6() and __bpf_redirect_neigh_v4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

5) Resource management error (CVE-ID: CVE-2025-40194)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the update_qos_request() function in drivers/cpufreq/intel_pstate.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2764

Vulnerable Software

openEuler: 22.03 LTS SP4
python3-perf-debuginfo: before 5.10.0-292.0.0.195
python3-perf: before 5.10.0-292.0.0.195
perf-debuginfo: before 5.10.0-292.0.0.195
perf: before 5.10.0-292.0.0.195
kernel-tools-devel: before 5.10.0-292.0.0.195
kernel-tools-debuginfo: before 5.10.0-292.0.0.195
kernel-tools: before 5.10.0-292.0.0.195
kernel-source: before 5.10.0-292.0.0.195
kernel-headers: before 5.10.0-292.0.0.195
kernel-devel: before 5.10.0-292.0.0.195
kernel-debugsource: before 5.10.0-292.0.0.195
kernel-debuginfo: before 5.10.0-292.0.0.195
bpftool-debuginfo: before 5.10.0-292.0.0.195
bpftool: before 5.10.0-292.0.0.195
kernel: before 5.10.0-292.0.0.195