SB2025121216 - Anolis OS update for kernel:4.18

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2022-50543)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the rxe_mr_alloc() and rxe_mr_init_user() functions in drivers/infiniband/sw/rxe/rxe_mr.c. A local user can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2023-53401)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mod_objcg_state(), consume_obj_stock(), drain_obj_stock() and refill_obj_stock() functions in mm/memcontrol.c. A local user can escalate privileges on the system.

3) Buffer overflow (CVE-ID: CVE-2023-53539)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the save_state() and rxe_requester() functions in drivers/infiniband/sw/rxe/rxe_req.c. A local user can perform a denial of service (DoS) attack.

4) Improper error handling (CVE-ID: CVE-2025-22116)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the idpf_stop() and idpf_init_task() functions in drivers/net/ethernet/intel/idpf/idpf_lib.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://anas.openanolis.cn/errata/detail/ANSA-2025:0930