Main Vulnerability Database SB2025120575

SB2025120575 - openEuler 24.03 LTS SP2 update for kernel

Published: December 5, 2025

Security Bulletin ID SB2025120575

Severity

High

Patch available

YES

Number of vulnerabilities 31

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 31 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2024-58095)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the extAlloc() and extRecord() functions in fs/jfs/jfs_extent.c. A local user can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2025-21693)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zswap_pool_create(), zswap_cpu_comp_prepare(), zswap_cpu_comp_dead(), zswap_compress() and zswap_decompress() functions in mm/zswap.c. A local user can escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2025-22020)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtsx_usb_ms_drv_remove() function in drivers/memstick/host/rtsx_usb_ms.c. A local user can escalate privileges on the system.

4) Buffer overflow (CVE-ID: CVE-2025-22026)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nfsd_show() function in fs/nfsd/stats.c, within the nfsd_net_init() function in fs/nfsd/nfsctl.c. A local user can perform a denial of service (DoS) attack.

5) Memory leak (CVE-ID: CVE-2025-22083)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vhost_scsi_set_endpoint(), target_undepend_item() and vhost_scsi_flush() functions in drivers/vhost/scsi.c. A local user can perform a denial of service (DoS) attack.

6) Out-of-bounds read (CVE-ID: CVE-2025-22107)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sja1105_table_delete_entry() function in drivers/net/dsa/sja1105/sja1105_static_config.c. A local user can perform a denial of service (DoS) attack.

7) Out-of-bounds read (CVE-ID: CVE-2025-23133)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath11k_reg_notifier(), ath11k_regd_update() and ath11k_regd_update_work() functions in drivers/net/wireless/ath/ath11k/reg.c. A local user can perform a denial of service (DoS) attack.

8) NULL pointer dereference (CVE-ID: CVE-2025-23147)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i3c_master_unregister_i3c_devs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.

9) Buffer overflow (CVE-ID: CVE-2025-23159)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the venus_sfr_print() function in drivers/media/platform/qcom/venus/hfi_venus.c. A local user can perform a denial of service (DoS) attack.

10) NULL pointer dereference (CVE-ID: CVE-2025-37758)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pxa_ata_probe() function in drivers/ata/pata_pxa.c. A local user can perform a denial of service (DoS) attack.

11) Use-after-free (CVE-ID: CVE-2025-37777)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_transport() function in fs/smb/server/transport_tcp.c, within the ksmbd_conn_free() function in fs/smb/server/connection.c. A local user can escalate privileges on the system.

12) Improper locking (CVE-ID: CVE-2025-37861)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mpi3mr_process_factsdata(), mpi3mr_process_admin_reply_q(), mpi3mr_process_op_reply_q(), mpi3mr_check_op_admin_proc() and mpi3mr_soft_reset_handler() functions in drivers/scsi/mpi3mr/mpi3mr_fw.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2025-37899)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the smb2_session_logoff() function in fs/smb/server/smb2pdu.c. A remote attacker can send specially crafted data to the SMB client during session logoff and compromise the affected system.

14) NULL pointer dereference (CVE-ID: CVE-2025-37994)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ucsi_displayport_remove_partner() function in drivers/usb/typec/ucsi/displayport.c. A local user can perform a denial of service (DoS) attack.

15) Improper locking (CVE-ID: CVE-2025-37997)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the net/netfilter/ipset/ip_set_hash_gen.h. A local user can perform a denial of service (DoS) attack.

16) Improper locking (CVE-ID: CVE-2025-38005)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the udma_check_tx_completion() function in drivers/dma/ti/k3-udma.c. A local user can perform a denial of service (DoS) attack.

17) Incorrect calculation (CVE-ID: CVE-2025-38058)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __legitimize_mnt() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.

18) Use-after-free (CVE-ID: CVE-2025-38071)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vhost_scsi_complete_cmd_work() and vhost_scsi_tmf_resp_work() functions in drivers/vhost/scsi.c. A local user can escalate privileges on the system.

19) NULL pointer dereference (CVE-ID: CVE-2025-38231)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfsd_startup_net() function in fs/nfsd/nfssvc.c. A local user can perform a denial of service (DoS) attack.

20) Use-after-free (CVE-ID: CVE-2025-38443)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_start_device() and set_bit() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

21) Use-after-free (CVE-ID: CVE-2025-38477)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qfq_change_class(), qfq_delete_class(), qfq_dump_class() and qfq_dump_class_stats() functions in net/sched/sch_qfq.c. A local user can escalate privileges on the system.

22) Input validation error (CVE-ID: CVE-2025-38501)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the alloc_transport() and ksmbd_kthread_fn() functions in fs/smb/server/transport_tcp.c. A remote attacker can perform a denial of service (DoS) attack.

23) Resource management error (CVE-ID: CVE-2025-38566)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the svc_tcp_sock_process_cmsg(), svc_tcp_read_msg() and svc_tcp_read_marker() functions in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.

24) Integer underflow (CVE-ID: CVE-2025-39677)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the pie_change() function in net/sched/sch_pie.c, within the hhf_change() function in net/sched/sch_hhf.c, within the fq_pie_change() function in net/sched/sch_fq_pie.c, within the fq_codel_change() function in net/sched/sch_fq_codel.c, within the fq_load_priomap() and fq_change() functions in net/sched/sch_fq.c, within the codel_change() function in net/sched/sch_codel.c. A local user can execute arbitrary code.

25) Buffer overflow (CVE-ID: CVE-2025-39810)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bnxt_set_xps_mapping(), bnxt_trim_dflt_sh_rings(), bnxt_set_dflt_rings() and bnxt_init_dflt_ring_mode() functions in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can escalate privileges on the system.

26) Buffer overflow (CVE-ID: CVE-2025-39817)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efivarfs_d_compare() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.

27) Use-after-free (CVE-ID: CVE-2025-39866)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __mark_inode_dirty() function in fs/fs-writeback.c. A local user can escalate privileges on the system.

28) Resource management error (CVE-ID: CVE-2025-39911)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the i40e_vsi_request_irq_msix() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

29) NULL pointer dereference (CVE-ID: CVE-2025-39947)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/linux/mlx5/driver.h. A local user can perform a denial of service (DoS) attack.

30) Use-after-free (CVE-ID: CVE-2025-39996)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the flexcop_pci_remove() function in drivers/media/pci/b2c2/flexcop-pci.c. A local user can escalate privileges on the system.

31) Resource management error (CVE-ID: CVE-2025-40016)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the drivers/media/usb/uvc/uvcvideo.h. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2776

Vulnerable Software

openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-125.0.0.125
python3-perf: before 6.6.0-125.0.0.125
perf-debuginfo: before 6.6.0-125.0.0.125
perf: before 6.6.0-125.0.0.125
kernel-tools-devel: before 6.6.0-125.0.0.125
kernel-tools-debuginfo: before 6.6.0-125.0.0.125
kernel-tools: before 6.6.0-125.0.0.125
kernel-source: before 6.6.0-125.0.0.125
kernel-headers: before 6.6.0-125.0.0.125
kernel-extra-modules: before 6.6.0-125.0.0.125
kernel-devel: before 6.6.0-125.0.0.125
kernel-debugsource: before 6.6.0-125.0.0.125
kernel-debuginfo: before 6.6.0-125.0.0.125
bpftool-debuginfo: before 6.6.0-125.0.0.125
bpftool: before 6.6.0-125.0.0.125
kernel: before 6.6.0-125.0.0.125

SB2025120575 - openEuler 24.03 LTS SP2 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human