| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 20 |
| CVE-ID | CVE-2025-21968, CVE-2025-22025, CVE-2025-22042, CVE-2025-22043, CVE-2025-37973, CVE-2025-38350, CVE-2025-38470, CVE-2025-38527, CVE-2025-38727, CVE-2025-40052, CVE-2025-40061, CVE-2025-40074, CVE-2025-40075, CVE-2025-40104, CVE-2025-40121, CVE-2025-40135, CVE-2025-40139, CVE-2025-40149, CVE-2025-40155, CVE-2025-40158 |
| CWE-ID | CWE-416, CWE-401, CWE-20, CWE-119, CWE-667, CWE-125, CWE-908 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software | openEuler (Operating systems & Components / Operating system); python3-perf-debuginfo, python3-perf, perf-debuginfo, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-tools, kernel-source, kernel-headers, kernel-extra-modules, kernel-devel, kernel-debugsource, kernel-debuginfo, bpftool-debuginfo, bpftool, kernel (Operating systems & Components / Operating system package or component) |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 20 vulnerabilities.
EUVDB-ID: #VU106629
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21968
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hdcp_destroy() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107655
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22025
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the nfs4_alloc_open_stateid() and nfsd_break_one_deleg() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107808
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22042
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_lease_state() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107809
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22043
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the parse_durable_handle_context() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU109564
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-37973
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cfg80211_defrag_mle() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU113101
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38350
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_alloc_handle() and qdisc_tree_reduce_backlog() functions in net/sched/sch_api.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU113369
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38470
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the __vlan_device_event() and vlan_device_event() functions in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU114133
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38527
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU114832
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-38727
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netlink_attachskb() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117721
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40052
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fill_transform_hdr(), smb2_aead_req_alloc() and crypt_message() functions in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117719
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40061
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_task() function in drivers/infiniband/sw/rxe/rxe_task.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117718
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40074
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv4_neigh_lookup() function in net/ipv4/route.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117741
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40075
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcpm_new(), __tcp_get_metrics_req() and tcp_get_metrics() functions in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117863
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40104
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within drivers/net/ethernet/intel/ixgbevf/vf.h. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118403
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40121
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118393
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40135
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_autoflowlabel() and ip6_xmit() functions in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118394
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40139
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smc_clc_msg_hdr_valid(), smc_clc_prfx_set4_rcu() and smc_clc_prfx_set() functions in net/smc/smc_clc.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118392
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40149
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_device_queue_ctx_destruction() function in net/tls/tls_device.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118429
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40155
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the domain_translation_struct_show() function in drivers/iommu/intel/debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118390
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-40158
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_finish_output2() and ip6_finish_output() functions in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
Mitigation: Install updates from the vendor's repository.
Vulnerable software versions:
openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.