Main Vulnerability Database SB2026012359

SB2026012359 - openEuler 24.03 LTS SP1 update for kernel

Published: January 23, 2026

Security Bulletin ID SB2026012359

Severity

Medium

Patch available

YES

Number of vulnerabilities 13

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.

1) Improper locking (CVE-ID: CVE-2024-53685)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fs/ceph/mds_client.c. A local user can perform a denial of service (DoS) attack.

2) Input validation error (CVE-ID: CVE-2024-58241)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_dev_close_sync() function in net/bluetooth/hci_sync.c. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2025-21652)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the default_operstate() function in net/core/link_watch.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2025-37777)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_transport() function in fs/smb/server/transport_tcp.c, within the ksmbd_conn_free() function in fs/smb/server/connection.c. A local user can escalate privileges on the system.

5) Improper error handling (CVE-ID: CVE-2025-37928)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the __scan() function in drivers/md/dm-bufio.c. A local user can perform a denial of service (DoS) attack.

6) Race condition (CVE-ID: CVE-2025-37985)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the pidff_reset() function in drivers/hid/usbhid/hid-pidff.c. A local user can escalate privileges on the system.

7) Input validation error (CVE-ID: CVE-2025-38008)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the kvm_xen_vcpu_set_attr() function in arch/x86/kvm/xen.c. A local user can perform a denial of service (DoS) attack.

8) Input validation error (CVE-ID: CVE-2025-38436)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drm_sched_entity_kill_jobs_work() function in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.

9) Input validation error (CVE-ID: CVE-2025-38501)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the alloc_transport() and ksmbd_kthread_fn() functions in fs/smb/server/transport_tcp.c. A remote attacker can perform a denial of service (DoS) attack.

10) NULL pointer dereference (CVE-ID: CVE-2025-39673)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ppp_fill_forward_path(), ppp_unregister_channel(), ppp_connect_channel() and ppp_disconnect_channel() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

11) Memory leak (CVE-ID: CVE-2025-39835)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the xfs_da_read_buf() function in fs/xfs/libxfs/xfs_da_btree.c. A local user can perform a denial of service (DoS) attack.

12) Resource management error (CVE-ID: CVE-2025-39925)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the j1939_sk_netdev_event_netdown() function in net/can/j1939/socket.c. A local user can perform a denial of service (DoS) attack.

13) Out-of-bounds read (CVE-ID: CVE-2025-68301)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the aq_ring_rx_clean() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1229

Vulnerable Software

openEuler: 24.03 LTS SP1
python3-perf-debuginfo: before 6.6.0-135.0.0.129
python3-perf: before 6.6.0-135.0.0.129
perf-debuginfo: before 6.6.0-135.0.0.129
perf: before 6.6.0-135.0.0.129
kernel-tools-devel: before 6.6.0-135.0.0.129
kernel-tools-debuginfo: before 6.6.0-135.0.0.129
kernel-tools: before 6.6.0-135.0.0.129
kernel-source: before 6.6.0-135.0.0.129
kernel-headers: before 6.6.0-135.0.0.129
kernel-devel: before 6.6.0-135.0.0.129
kernel-debugsource: before 6.6.0-135.0.0.129
kernel-debuginfo: before 6.6.0-135.0.0.129
bpftool-debuginfo: before 6.6.0-135.0.0.129
bpftool: before 6.6.0-135.0.0.129
kernel: before 6.6.0-135.0.0.129