SB20260213123 - openEuler 22.03 LTS SP4 update for kernel
Published: February 13, 2026
Description
This security bulletin contains information about 58 security vulnerabilities.
1) Memory leak (CVE-ID: CVE-2022-49190)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the DEFINE_RWLOCK() and __initcall() functions in kernel/resource.c. A local user can perform a denial of service (DoS) attack.
2) Improper locking (CVE-ID: CVE-2022-49309)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rtw_surveydone_event_callback() and rtw_scan_timeout_handler() functions in drivers/staging/rtl8723bs/core/rtw_mlme.c. A local user can perform a denial of service (DoS) attack.
3) Memory leak (CVE-ID: CVE-2022-49829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the drm_sched_entity_kill_jobs_cb() and drm_sched_entity_kill_jobs() functions in drivers/gpu/drm/scheduler/sched_entity.c. A local user can perform a denial of service (DoS) attack.
4) Use-after-free (CVE-ID: CVE-2022-50151)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cdns3_allocate_trb_pool() function in drivers/usb/cdns3/cdns3-gadget.c. A local user can escalate privileges on the system.
5) Use-after-free (CVE-ID: CVE-2022-50159)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ima_get_kexec_buffer() function in drivers/of/kexec.c. A local user can escalate privileges on the system.
6) Use-after-free (CVE-ID: CVE-2022-50616)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within include/linux/regulator/driver.h. A local user can escalate privileges on the system.
7) NULL pointer dereference (CVE-ID: CVE-2022-50735)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mt76u_status_worker() function in drivers/net/wireless/mediatek/mt76/usb.c. A local user can perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2023-52927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nft_ct_set_zone_eval() and nft_ct_tmpl_alloc_pcpu() functions in net/netfilter/nft_ct.c, within the EXPORT_SYMBOL_GPL() and nf_ct_find_expectation() functions in net/netfilter/nf_conntrack_expect.c, and within the init_conntrack() function in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2023-53250)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the dmi_sysfs_register_handle() function in drivers/firmware/dmi-sysfs.c. A local user can perform a denial of service (DoS) attack.
10) Out-of-bounds read (CVE-ID: CVE-2023-53254)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cache_shared_cpu_map_setup() and cache_shared_cpu_map_remove() functions in drivers/base/cacheinfo.c. A local user can perform a denial of service (DoS) attack.
11) Input validation error (CVE-ID: CVE-2023-53521)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ses_intf_remove_enclosure() function in drivers/scsi/ses.c. A local user can perform a denial of service (DoS) attack.
12) Memory leak (CVE-ID: CVE-2023-53594)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the device_add() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
13) Resource management error (CVE-ID: CVE-2023-53712)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the machine_crash_nonpanic_core() function in arch/arm/kernel/machine_kexec.c. A local user can perform a denial of service (DoS) attack.
14) Out-of-bounds read (CVE-ID: CVE-2023-53840)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xdbc_bulk_write() function in drivers/usb/early/xhci-dbc.c. A local user can perform a denial of service (DoS) attack.
15) Double free (CVE-ID: CVE-2023-54048)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within drivers/infiniband/hw/bnxt_re/qplib_fp.h. A local user can perform a denial of service (DoS) attack.
16) Resource management error (CVE-ID: CVE-2023-54145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the bpf_verifier_vlog() function in kernel/bpf/log.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2023-54321)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the device_add() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2024-53179)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_get_sign_key(), smb2_find_smb_ses_unlocked(), smb2_calc_signature() and smb3_calc_signature() functions in fs/smb/client/smb2transport.c. A local user can escalate privileges on the system.
19) Memory leak (CVE-ID: CVE-2025-21981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the ice_init_arfs() function in drivers/net/ethernet/intel/ice/ice_arfs.c. A local user can perform a denial of service (DoS) attack.
20) Integer underflow (CVE-ID: CVE-2025-23138)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer underflow within the watch_queue_set_size() function in kernel/watch_queue.c. A local user can execute arbitrary code.
21) Input validation error (CVE-ID: CVE-2025-37766)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vega20_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c. A local user can perform a denial of service (DoS) attack.
22) Division by zero (CVE-ID: CVE-2025-37770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the vega10_fan_ctrl_set_fan_speed_rpm() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c. A local user can perform a denial of service (DoS) attack.
23) Out-of-bounds read (CVE-ID: CVE-2025-37947)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ksmbd_vfs_stream_write() function in fs/smb/server/vfs.c. A local user can perform a denial of service (DoS) attack.
24) Buffer overflow (CVE-ID: CVE-2025-38068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lzo1x_1_do_compress() and lzogeneric1x_1_compress() functions in lib/lzo/lzo1x_compress.c, within the obj-$() function in lib/lzo/Makefile, within the __lzo_compress() function in crypto/lzo.c, and within the __lzorle_compress() function in crypto/lzo-rle.c. A local user can perform a denial of service (DoS) attack.
25) Improper locking (CVE-ID: CVE-2025-38154)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sk_psock_backlog() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.
26) Use-after-free (CVE-ID: CVE-2025-38250)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_IDA(), hci_dev_get(), hci_dev_do_reset(), hci_dev_reset(), hci_alloc_dev_priv() and hci_unregister_dev() functions in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
27) Use of uninitialized resource (CVE-ID: CVE-2025-38480)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the insn_rw_emulate_bits() function in drivers/comedi/drivers.c. A local user can perform a denial of service (DoS) attack.
28) Out-of-bounds read (CVE-ID: CVE-2025-38556)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snto32() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
29) Integer overflow (CVE-ID: CVE-2025-38572)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
30) Use of uninitialized resource (CVE-ID: CVE-2025-38574)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the pptp_xmit() function in drivers/net/ppp/pptp.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2025-38618)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __vsock_bind_connectible() function in net/vmw_vsock/af_vsock.c. A local user can escalate privileges on the system.
32) Buffer overflow (CVE-ID: CVE-2025-38676)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the parse_ivrs_acpihid() function in drivers/iommu/amd/init.c. A local user can escalate privileges on the system.
33) Out-of-bounds read (CVE-ID: CVE-2025-38728)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sizeof() function in fs/smb/client/smb2ops.c. A local user can perform a denial of service (DoS) attack.
34) NULL pointer dereference (CVE-ID: CVE-2025-39676)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the qla4xxx_get_ep_fwdb() function in drivers/scsi/qla4xxx/ql4_os.c. A local user can perform a denial of service (DoS) attack.
35) Resource management error (CVE-ID: CVE-2025-39702)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the seg6_hmac_validate_skb() function in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
36) Improper locking (CVE-ID: CVE-2025-39744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within kernel/rcu/tree_plugin.h. A local user can perform a denial of service (DoS) attack.
37) Improper locking (CVE-ID: CVE-2025-39749)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within kernel/rcu/tree_plugin.h. A local user can perform a denial of service (DoS) attack.
38) Improper error handling (CVE-ID: CVE-2025-39797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the xfrm_state_lookup_byspi() and xfrm_alloc_spi() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
39) Out-of-bounds write (CVE-ID: CVE-2025-39828)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the vcc_sendmsg() function in net/atm/common.c. A local user can execute arbitrary code.
40) NULL pointer dereference (CVE-ID: CVE-2025-39853)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the i40e_client_add_instance() function in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.
41) Use-after-free (CVE-ID: CVE-2025-39860)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
42) Resource management error (CVE-ID: CVE-2025-39913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the tcp_bpf_send_verdict() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
43) Use-after-free (CVE-ID: CVE-2025-39945)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cnic_cm_stop_bnx2x_hw() function in drivers/net/ethernet/broadcom/cnic.c. A local user can escalate privileges on the system.
44) Use-after-free (CVE-ID: CVE-2025-40018)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ip_vs_ftp_exit() and ip_vs_ftp_init() functions in net/netfilter/ipvs/ip_vs_ftp.c. A local user can escalate privileges on the system.
45) Memory leak (CVE-ID: CVE-2025-40105)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the d_alloc() function in fs/dcache.c. A local user can perform a denial of service (DoS) attack.
46) Improper locking (CVE-ID: CVE-2025-40215)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __xfrm_state_destroy(), __xfrm_state_delete(), xfrm_state_flush(), xfrm_flush_gc() and xfrm_state_fini() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.
47) Use-after-free (CVE-ID: CVE-2025-40271)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pde_put(), remove_proc_entry() and remove_proc_subtree() functions in fs/proc/generic.c. A local user can escalate privileges on the system.
48) Use-after-free (CVE-ID: CVE-2025-40280)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_net_finalize_work() function in net/tipc/net.c. A local user can escalate privileges on the system.
49) Improper locking (CVE-ID: CVE-2025-40342)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_fc_create_association() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
50) NULL pointer dereference (CVE-ID: CVE-2025-40346)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the topology_parse_cpu_capacity() function in drivers/base/arch_topology.c. A local user can perform a denial of service (DoS) attack.
51) Input validation error (CVE-ID: CVE-2025-68192)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
52) Use-after-free (CVE-ID: CVE-2025-68285)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the monmap_show() and osdmap_show() functions in net/ceph/debugfs.c. A local user can escalate privileges on the system.
53) Out-of-bounds read (CVE-ID: CVE-2025-68819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtv5100_i2c_msg() function in drivers/media/usb/dvb-usb/dtv5100.c. A local user can perform a denial of service (DoS) attack.
54) Improper resource shutdown or release (CVE-ID: CVE-2025-71084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the destroy_mc() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
55) Improper error handling (CVE-ID: CVE-2025-71091)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __team_queue_override_enabled_check() function in drivers/net/team/team_core.c. A local user can perform a denial of service (DoS) attack.
56) NULL pointer dereference (CVE-ID: CVE-2025-71120)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
57) NULL pointer dereference (CVE-ID: CVE-2026-22998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the nvmet_tcp_handle_h2c_data_pdu() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
58) Memory leak (CVE-ID: CVE-2026-23038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the nfs4_ff_alloc_deviceid_node() function in fs/nfs/flexfilelayout/flexfilelayoutdev.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.