SB20260213126 - openEuler 24.03 LTS SP1 update for kernel

Description

This security bulletin contains information about 14 secuirty vulnerabilities.

1) Improper locking (CVE-ID: CVE-2024-35808)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the raid_message() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2024-50102)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the IS_ENABLED() function in arch/x86/lib/getuser.S, within the RUNTIME_CONST() function in arch/x86/kernel/vmlinux.lds.S, within the arch_cpu_finalize_init() function in arch/x86/kernel/cpu/common.c. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2025-38062)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iommu_dma_prepare_msi() function in drivers/iommu/dma-iommu.c. A local user can escalate privileges on the system.

4) Race condition within a thread (CVE-ID: CVE-2025-38383)

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within the clear_vm_uninitialized_flag(), vmalloc_dump_obj() and vmalloc_info_show() functions in mm/vmalloc.c. A local user can corrupt data.

5) Improper locking (CVE-ID: CVE-2025-38449)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drm_gem_fb_destroy() and drm_gem_fb_init_with_funcs() functions in drivers/gpu/drm/drm_gem_framebuffer_helper.c, within the drm_gem_private_object_fini(), drm_gem_object_exported_dma_buf_free(), drm_gem_object_handle_put_unlocked() and drm_gem_handle_create_tail() functions in drivers/gpu/drm/drm_gem.c. A local user can perform a denial of service (DoS) attack.

6) Use of uninitialized resource (CVE-ID: CVE-2025-38531)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the st_sensors_allocate_trigger() function in drivers/iio/common/st_sensors/st_sensors_trigger.c, within the st_sensors_set_fullscale(), st_sensors_power_enable(), EXPORT_SYMBOL_NS(), st_sensors_set_drdy_int_pin() and st_sensors_init_sensor() functions in drivers/iio/common/st_sensors/st_sensors_core.c, within the apply_acpi_orientation() function in drivers/iio/accel/st_accel_core.c. A local user can perform a denial of service (DoS) attack.

7) Resource management error (CVE-ID: CVE-2025-38678)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_tables_updchain() and nft_flowtable_update() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

8) Out-of-bounds read (CVE-ID: CVE-2025-38685)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the con2fb_init_display() and fbcon_set_disp() functions in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2025-39744)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kernel/rcu/tree_plugin.h. A local user can perform a denial of service (DoS) attack.

10) Improper locking (CVE-ID: CVE-2025-39843)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the get_track(), set_track_update(), free_debug_processing(), ___slab_alloc() and free_to_partial_list() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

11) Use-after-free (CVE-ID: CVE-2025-39910)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_vmap_area() and pcpu_get_vm_areas() functions in mm/vmalloc.c. A local user can escalate privileges on the system.

12) Resource management error (CVE-ID: CVE-2025-39913)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_bpf_send_verdict() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.

13) Input validation error (CVE-ID: CVE-2025-40300)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vcpu_enter_guest() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

14) Information disclosure (CVE-ID: CVE-2020-12965)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to CPUs transiently execute non-canonical loads using only the lower 48 address bits. A local attacker can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1338