SB2026031531 - openEuler 22.03 LTS SP4 update for kernel

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2024-57979)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ptp_ocp_complete() function in drivers/ptp/ptp_ocp.c, within the DEFINE_MUTEX(), pps_cdev_pps_fetch(), pps_cdev_ioctl(), pps_cdev_compat_ioctl(), pps_device_destruct(), pps_register_cdev(), pps_unregister_cdev(), EXPORT_SYMBOL() and pps_init() functions in drivers/pps/pps.c, within the pps_kc_bind() and pps_kc_remove() functions in drivers/pps/kc.c, within the pps_add_offset(), pps_register_source() and pps_event() functions in drivers/pps/kapi.c, within the parport_irq() function in drivers/pps/clients/pps_parport.c, within the pps_tty_dcd_change(), pps_tty_open() and pps_tty_close() functions in drivers/pps/clients/pps-ldisc.c, within the pps_ktimer_exit() and pps_ktimer_init() functions in drivers/pps/clients/pps-ktimer.c, within the pps_gpio_probe() function in drivers/pps/clients/pps-gpio.c. A local user can escalate privileges on the system.

2) NULL pointer dereference (CVE-ID: CVE-2025-39902)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the object_err() function in mm/slub.c. A local user can perform a denial of service (DoS) attack.

3) Integer overflow (CVE-ID: CVE-2025-39967)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the fbcon_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can execute arbitrary code.

4) Buffer overflow (CVE-ID: CVE-2026-23054)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the netvsc_set_rxfh() function in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.

5) Infinite loop (CVE-ID: CVE-2026-23138)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __ftrace_trace_stack() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

6) Use-after-free (CVE-ID: CVE-2026-23191)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.

7) Use-after-free (CVE-ID: CVE-2026-23209)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macvlan_common_newlink() function in drivers/net/macvlan.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1569