Main Vulnerability Database SB2025121262

SB2025121262 - openEuler 24.03 LTS SP2 update for kernel

Published: December 12, 2025

Security Bulletin ID SB2025121262

Severity

Low

Patch available

YES

Number of vulnerabilities 20

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 20 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2025-21968)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hdcp_destroy() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c. A local user can escalate privileges on the system.

2) Memory leak (CVE-ID: CVE-2025-22025)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nfs4_alloc_open_stateid() and nfsd_break_one_deleg() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.

3) Input validation error (CVE-ID: CVE-2025-22042)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the parse_lease_state() function in fs/smb/server/oplock.c. A local user can perform a denial of service (DoS) attack.

4) Input validation error (CVE-ID: CVE-2025-22043)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the parse_durable_handle_context() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

5) Buffer overflow (CVE-ID: CVE-2025-37973)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the cfg80211_defrag_mle() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.

6) Use-after-free (CVE-ID: CVE-2025-38350)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_alloc_handle() and qdisc_tree_reduce_backlog() functions in net/sched/sch_api.c. A local user can escalate privileges on the system.

7) Memory leak (CVE-ID: CVE-2025-38470)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __vlan_device_event() and vlan_device_event() functions in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.

8) Use-after-free (CVE-ID: CVE-2025-38527)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cifs_oplock_break() and cifs_put_tlink() functions in fs/smb/client/file.c. A local user can escalate privileges on the system.

9) Improper locking (CVE-ID: CVE-2025-38727)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netlink_attachskb() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

10) Use-after-free (CVE-ID: CVE-2025-40052)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fill_transform_hdr(), smb2_aead_req_alloc() and crypt_message() functions in fs/smb/client/smb2ops.c. A local user can escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2025-40061)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the do_task() function in drivers/infiniband/sw/rxe/rxe_task.c. A local user can escalate privileges on the system.

12) Use-after-free (CVE-ID: CVE-2025-40074)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv4_neigh_lookup() function in net/ipv4/route.c. A local user can escalate privileges on the system.

13) Improper locking (CVE-ID: CVE-2025-40075)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcpm_new(), __tcp_get_metrics_req() and tcp_get_metrics() functions in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.

14) Input validation error (CVE-ID: CVE-2025-40104)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/net/ethernet/intel/ixgbevf/vf.h. A local user can perform a denial of service (DoS) attack.

15) Out-of-bounds read (CVE-ID: CVE-2025-40121)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the MODULE_PARM_DESC() function in sound/soc/intel/boards/bytcr_rt5651.c. A local user can perform a denial of service (DoS) attack.

16) Use-after-free (CVE-ID: CVE-2025-40135)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_autoflowlabel() and ip6_xmit() functions in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

17) Use-after-free (CVE-ID: CVE-2025-40139)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smc_clc_msg_hdr_valid(), smc_clc_prfx_set4_rcu() and smc_clc_prfx_set() functions in net/smc/smc_clc.c. A local user can escalate privileges on the system.

18) Use-after-free (CVE-ID: CVE-2025-40149)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tls_device_queue_ctx_destruction() function in net/tls/tls_device.c. A local user can escalate privileges on the system.

19) Use of uninitialized resource (CVE-ID: CVE-2025-40155)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the domain_translation_struct_show() function in drivers/iommu/intel/debugfs.c. A local user can perform a denial of service (DoS) attack.

20) Use-after-free (CVE-ID: CVE-2025-40158)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_finish_output2() and ip6_finish_output() functions in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2804

Vulnerable Software

openEuler: 24.03 LTS SP2
python3-perf-debuginfo: before 6.6.0-127.0.0.126
python3-perf: before 6.6.0-127.0.0.126
perf-debuginfo: before 6.6.0-127.0.0.126
perf: before 6.6.0-127.0.0.126
kernel-tools-devel: before 6.6.0-127.0.0.126
kernel-tools-debuginfo: before 6.6.0-127.0.0.126
kernel-tools: before 6.6.0-127.0.0.126
kernel-source: before 6.6.0-127.0.0.126
kernel-headers: before 6.6.0-127.0.0.126
kernel-extra-modules: before 6.6.0-127.0.0.126
kernel-devel: before 6.6.0-127.0.0.126
kernel-debugsource: before 6.6.0-127.0.0.126
kernel-debuginfo: before 6.6.0-127.0.0.126
bpftool-debuginfo: before 6.6.0-127.0.0.126
bpftool: before 6.6.0-127.0.0.126
kernel: before 6.6.0-127.0.0.126