SB20260213124 - openEuler 20.03 LTS SP4 update for kernel
Published: February 13, 2026
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Integer underflow (CVE-ID: CVE-2023-54284)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the write_ts_to_decoder() function in drivers/staging/media/deprecated/saa7146/av7110/av7110_av.c. A local user can execute arbitrary code.
2) Use-after-free (CVE-ID: CVE-2025-40018)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ip_vs_ftp_exit() and ip_vs_ftp_init() functions in net/netfilter/ipvs/ip_vs_ftp.c. A local user can escalate privileges on the system.
3) Use-after-free (CVE-ID: CVE-2025-68285)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the monmap_show() and osdmap_show() functions in net/ceph/debugfs.c. A local user can escalate privileges on the system.
4) Use of uninitialized resource (CVE-ID: CVE-2026-23003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.