Main Vulnerability Database SB2026020689

SB2026020689 - openEuler 20.03 LTS SP4 update for kernel

Published: February 6, 2026

Security Bulletin ID SB2026020689

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 14

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 14 vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2023-53254)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cache_shared_cpu_map_setup() and cache_shared_cpu_map_remove() functions in drivers/base/cacheinfo.c. A local user can perform a denial of service (DoS) attack.

2) Use of uninitialized resource (CVE-ID: CVE-2023-53309)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the radeon_cs_parser_init() function in drivers/gpu/drm/radeon/radeon_cs.c. A local user can perform a denial of service (DoS) attack.

3) Input validation error (CVE-ID: CVE-2023-53519)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the include/media/v4l2-mem2mem.h. A local user can perform a denial of service (DoS) attack.

4) Memory leak (CVE-ID: CVE-2023-53715)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the brcmf_map_fw_linkdown_reason() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.

5) Use of uninitialized resource (CVE-ID: CVE-2023-53847)

CWE-ID: CWE-908 - Use of Uninitialized Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the alauda_get_media_status() and alauda_init_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

6) Buffer overflow (CVE-ID: CVE-2023-54168)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the set_user_sq_size() function in drivers/infiniband/hw/mlx4/qp.c. A local user can perform a denial of service (DoS) attack.

7) Use-after-free (CVE-ID: CVE-2023-54186)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pin_assignment_show() function in drivers/usb/typec/altmodes/displayport.c. A local user can escalate privileges on the system.

8) Memory leak (CVE-ID: CVE-2023-54294)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the raid10_run() function in drivers/md/raid10.c. A local user can perform a denial of service (DoS) attack.

9) Buffer overflow (CVE-ID: CVE-2023-54317)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the corrupt_bio_data() function in drivers/md/dm-flakey.c. A local user can perform a denial of service (DoS) attack.

10) Input validation error (CVE-ID: CVE-2025-38499)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the clone_private_mount() function in fs/namespace.c. A local user can perform a denial of service (DoS) attack.

11) Integer overflow (CVE-ID: CVE-2025-38572)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.

12) Use-after-free (CVE-ID: CVE-2025-38618)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.

13) NULL pointer dereference (CVE-ID: CVE-2025-40178)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pid_nr_ns() function in kernel/pid.c. A local user can perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2025-40271)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pde_put(), remove_proc_entry() and remove_proc_subtree() functions in fs/proc/generic.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1306

Vulnerable Software

openEuler: 20.03 LTS SP4
kernel: before 4.19.90-2602.1.0.0361
bpftool: before 4.19.90-2602.1.0.0361
bpftool-debuginfo: before 4.19.90-2602.1.0.0361
kernel-debuginfo: before 4.19.90-2602.1.0.0361
kernel-debugsource: before 4.19.90-2602.1.0.0361
kernel-devel: before 4.19.90-2602.1.0.0361
kernel-source: before 4.19.90-2602.1.0.0361
kernel-tools: before 4.19.90-2602.1.0.0361
kernel-tools-debuginfo: before 4.19.90-2602.1.0.0361
kernel-tools-devel: before 4.19.90-2602.1.0.0361
perf: before 4.19.90-2602.1.0.0361
perf-debuginfo: before 4.19.90-2602.1.0.0361
python2-perf: before 4.19.90-2602.1.0.0361
python2-perf-debuginfo: before 4.19.90-2602.1.0.0361
python3-perf: before 4.19.90-2602.1.0.0361
python3-perf-debuginfo: before 4.19.90-2602.1.0.0361

SB2026020689 - openEuler 20.03 LTS SP4 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human